Lucene search
Gentoo FoundationGLSA-200709-07HistorySep 15, 2007 - 12:00 a.m.
Eggdrop: Buffer overflow
2007-09-1500:00:00
Gentoo Foundation
security.gentoo.org
11
0.019 Low
EPSS
Percentile
88.6%
Background
Eggdrop is an IRC bot extensible with C or Tcl.
Description
Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server.
Impact
A remote attacker could entice an Eggdrop user to connect the bot to a malicious server, possibly resulting in the execution of arbitrary code on the host running Eggdrop.
Workaround
There is no known workaround at this time.
Resolution
All Eggdrop users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/eggdrop-1.6.18-r3"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-irc/eggdrop | < 1.6.18-r3 | UNKNOWN |
Related
nessus
nessus
Fedora 8 : eggdrop-1.6.18-12.fc8 (2007-4305)
2007-12-11 00:00:00
Mandrake Linux Security Advisory : eggdrop (MDKSA-2007:175)
2007-09-07 00:00:00
GLSA-200709-07 : Eggdrop: Buffer overflow
2007-09-24 00:00:00
securityvulns
securityvulns
Eggdrop IRC client buffer overflow
2007-09-08 00:00:00
[ MDKSA-2007:175 ] - Updated eggdrop package fix remote buffer overflow
2007-09-08 00:00:00
eggdrop/windrop remote crash vulnerability
2009-05-18 00:00:00
debiancve
debiancve
CVE-2007-2807
2007-05-22 19:30:00
CVE-2009-1789
2009-05-26 16:30:00
openvas
openvas
Eggdrop < 1.6.19 Server Module Message Handling Remote Buffer Overflow Vulnerability
2009-07-08 00:00:00
Fedora Update for eggdrop FEDORA-2007-4325
2009-02-27 00:00:00
Fedora Update for eggdrop FEDORA-2007-4305
2009-02-27 00:00:00
packetstorm
packetstorm
Eggdrop/Windrop 1.6.19 Denial Of Service
2009-05-15 00:00:00
debian
debian
[SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution
2008-01-05 15:18:11
[SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code
2008-01-05 15:11:30
[SECURITY] [DSA 1826-1] New eggdrop packages fix several vulnerabilities
2009-07-04 02:53:15
cve
cve
CVE-2007-2807
2007-05-22 19:30:00
CVE-2009-1789
2009-05-26 16:30:00
fedora
fedora
[SECURITY] Fedora 8 Update: eggdrop-1.6.18-12.fc8
2007-12-11 00:50:34
[SECURITY] Fedora 7 Update: eggdrop-1.6.18-12.fc7
2007-12-11 00:51:12
[SECURITY] Fedora 10 Update: eggdrop-1.6.19-4.fc10
2009-05-28 08:03:42
seebug
seebug
Eggdrop/Windrop 1.6.19 ctcpbuf Remote Crash Vulnerability
2009-05-17 00:00:00
exploitpack
exploitpack
EggdropWindrop 1.6.19 - ctcpbuf Remote Crash
2009-05-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package eggdrop version 1.6.19-alt2
2009-05-18 00:00:00
Security fix for the ALT Linux 6 package eggdrop version 1.6.18-alt2
2007-09-20 00:00:00
prion
prion
Stack overflow
2007-05-22 19:30:00
Design/Logic Flaw
2009-05-26 16:30:00
ubuntucve
ubuntucve
CVE-2007-2807
2007-05-22 00:00:00
CVE-2009-1789
2009-05-26 00:00:00
exploitdb
exploitdb
Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash
2009-05-15 00:00:00
osv
osv
eggdrop - several vulnerabilities
2009-07-04 00:00:00