Message-ID: <20090515114050.GC20697@ngolde.de>
Date: Fri, 15 May 2009 13:40:50 +0200
From: Nico Golde <fd@...lde.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: eggdrop/windrop remote crash vulnerability

Hi,
* Thomas Sader <thommey@...il.com> [2009-05-15 11:52]:
> Affected software
> -----------------
> 
> eggdrop (1.6.19 only, not 1.6.19+ctcpfix)
> windrop (1.6.19 only, not 1.6.19+ctcpfix)
> all eggdrop/windrop versions and packages which apply Nico Golde's
> patch for CVE-2007-2807/SA25276. See: [1]
> 
> Vulnerability details
> ---------------------
> 
> The SA25276 patch ([1]) uses strncpy to fix a buffer overflow vulnerability
> in src/mod/server.mod/servmsg.c (gotmsg). The last argument is not checked
> for being non-negative, but that can happen if ctcpbuf is "". That causes
> a remote crash vulnerability to be exploited by anyone connected to the same
> IRC network as eggdrop. The SA25276 patch has been applied to the eggdrop1.6.18
> Debian package and was later adopted by Eggheads into eggdrop1.6.19.

Dang, nice find.

Cheers
Nico
-- 
Nico Golde - JAB: nion@...ber.ccc.de | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!
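
The failure mode described in the quoted advisory (a `strncpy` length that goes negative when `ctcpbuf` is ""), shown as an added example that is not part of the original thread and is not eggdrop's code. The page does not show the patched line, so the "length minus one" expression, the function names and the buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DST_SIZE 512 /* constructed size, not taken from eggdrop */

/* Length an unchecked call site would pass to strncpy() if it computed a
 * signed "strlen - 1" (assumed expression). strncpy() takes size_t, so -1
 * becomes SIZE_MAX. Only the value is computed here; no copy is made. */
size_t unchecked_copy_len(const char *ctcpbuf)
{
    int n = (int)strlen(ctcpbuf) - 1; /* -1 when ctcpbuf is "" */
    return (size_t)n;                 /* same conversion the call performs */
}

/* Checked form: copy ctcpbuf without its last byte. Rejects the empty
 * string before subtracting, clamps to the destination size and always
 * NUL-terminates. Returns the number of bytes copied, or -1 on rejection. */
int checked_copy(char *dst, size_t dstsize, const char *ctcpbuf)
{
    size_t len = strlen(ctcpbuf);

    if (dstsize == 0)
        return -1;
    if (len == 0) {       /* the "" case: nothing to strip, nothing to copy */
        dst[0] = '\0';
        return -1;
    }
    len -= 1;             /* safe: len >= 1 here */
    if (len >= dstsize)
        len = dstsize - 1;
    memcpy(dst, ctcpbuf, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void)
{
    char dst[DST_SIZE];
    const char *samples[] = { "", "VERSION\001" }; /* constructed inputs */

    for (size_t i = 0; i < 2; i++)
        printf("len=%zu unchecked=%zu checked=%d\n", strlen(samples[i]),
               unchecked_copy_len(samples[i]),
               checked_copy(dst, sizeof dst, samples[i]));
    return 0;
}
```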

