lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 15 May 2009 13:40:50 +0200
From: Nico Golde <fd@...lde.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: eggdrop/windrop remote crash vulnerability

Hi,
* Thomas Sader <thommey@...il.com> [2009-05-15 11:52]:
> Affected software
> -----------------
> 
> eggdrop (1.6.19 only, not 1.6.19+ctcpfix)
> windrop (1.6.19 only, not 1.6.19+ctcpfix)
> all eggdrop/windrop versions and packages which apply Nico Goldes
> patch for CVE-2007-2807/SA25276 See: [1]
> 
> Vulnerability details
> ---------------------
> 
> The SA25276 patch ([1]) uses strncpy to fix a buffer overflow vulnerability
> in src/mod/server.mod/servmsg.c (gotmsg). The last argument is not checked
> for being non-negative, but that can happen if ctcpbuf is "". That causes
> a remote crash vulnerability to be exploited by anyone connected to the same
> IRC network as eggdrop. The SA25276 patch has been applied to the eggdrop1.6.18
> debian package and was later adopted by Eggheads into eggdrop1.6.19.

Dang, nice find.

Cheers
Nico
-- 
Nico Golde - JAB: nion@...ber.ccc.de | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ