GLSA
Bodhisattva
Joined: 25 Feb 2003
Posts: 3829
Location: Essen, Germany
|
 Posted: Fri Jan 28, 2005 11:10 pm Post subject: [ GLSA 200501-40 ] ngIRCd: Buffer overflow |
 |
|
Gentoo Linux Security Advisory
Title: ngIRCd: Buffer overflow (GLSA 200501-40)
Severity: high
Exploitable: remote
Date: January 28, 2005
Updated: May 22, 2006
Bug(s): #79705
ID: 200501-40
Synopsis
ngIRCd is vulnerable to a buffer overflow that can be used to crash the daemon and possibly execute arbitrary code.
Background
ngIRCd is a free open source daemon for Internet Relay Chat (IRC).
Affected Packages
Package: net-irc/ngircd
Vulnerable: < 0.8.2
Unaffected: >= 0.8.2
Architectures: All supported architectures
Description
Florian Westphal discovered a buffer overflow caused by an integer underflow in the Lists_MakeMask() function of lists.c.
Impact
A remote attacker can exploit this buffer overflow to crash the ngIRCd daemon and possibly execute arbitrary code with the rights of the ngIRCd daemon process.
Workaround
There is no known workaround at this time.
Resolution
All ngIRCd users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/ngIRCd-0.8.2" |
References
ngIRCd Release Annoucement
CVE-2005-0199
Last edited by GLSA on Mon May 22, 2006 4:18 am; edited 2 times in total |
|
News & Announcements
