GLSA Advocate

Posted: Sat Sep 15, 2007 4:26 pm Post subject: [ GLSA 200709-07 ] Eggdrop: Buffer overflow
Gentoo Linux Security Advisory
Title: Eggdrop: Buffer overflow (GLSA 200709-07)
Severity: normal
Exploitable: remote
Date: September 15, 2007
Updated: September 26, 2007
Bug(s): #179354
ID: 200709-07
Synopsis
A remote stack-based buffer overflow has been discovered in Eggdrop.
Background
Eggdrop is an IRC bot extensible with C or Tcl.
Affected Packages
Package: net-irc/eggdrop
Vulnerable: < 1.6.18-r3
Unaffected: >= 1.6.18-r3
Architectures: All supported architectures
Description
Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server.
Impact
A remote attacker could entice an Eggdrop user to connect the bot to a malicious server, possibly resulting in the execution of arbitrary code on the host running Eggdrop.
Workaround
There is no known workaround at this time.
Resolution
All Eggdrop users should upgrade to the latest version:

Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/eggdrop-1.6.18-r3"
References
CVE-2007-2807
Last edited by GLSA on Thu Sep 27, 2007 4:18 am; edited 1 time in total
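
A check for the affected range given above, as an added example that is not part of the advisory or of Gentoo's own tooling: it reads the installed net-irc/eggdrop versions from the Portage package database and compares each with 1.6.18-r3. The function names are hypothetical, and the comparison assumes dotted numeric versions with an optional -rN revision.

```shell
# Added example (not from the advisory): flag installed net-irc/eggdrop
# versions older than the fixed version named in GLSA 200709-07.
FIXED="1.6.18-r3"   # from the advisory's "Unaffected" line

# Split a version such as "1.6.18-r3" into base "1.6.18" and revision "3".
ver_base() { printf '%s\n' "${1%-r[0-9]*}"; }
# A version without a -rN suffix has revision 0.
ver_rev() { case "$1" in *-r[0-9]*) printf '%s\n' "${1##*-r}" ;; *) echo 0 ;; esac; }

# Return 0 when $1 sorts before $2. Assumption: dotted numeric versions with
# an optional -rN only; other Gentoo suffixes (_p, _rc, ...) are not handled.
version_lt() {
    a_base=$(ver_base "$1"); b_base=$(ver_base "$2")
    a_rev=$(ver_rev "$1");   b_rev=$(ver_rev "$2")
    while [ -n "$a_base" ] || [ -n "$b_base" ]; do
        a_part=${a_base%%.*}; b_part=${b_base%%.*}
        [ "${a_part:-0}" -lt "${b_part:-0}" ] && return 0
        [ "${a_part:-0}" -gt "${b_part:-0}" ] && return 1
        # Drop the component just compared.
        case "$a_base" in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case "$b_base" in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
    done
    [ "$a_rev" -lt "$b_rev" ]
}

# Print vulnerable, unaffected, or unknown for one version string.
eggdrop_status() {
    base=$(ver_base "$1"); rev=$(ver_rev "$1")
    case "$base" in ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;; esac
    case "$rev" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    if version_lt "$1" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# List installed versions from the Portage package database (default
# /var/db/pkg; a different root can be passed as $1 for testing).
installed_eggdrop_versions() {
    for d in "${1:-/var/db/pkg}"/net-irc/eggdrop-[0-9]*; do
        [ -d "$d" ] || continue
        d=${d##*/}
        printf '%s\n' "${d#eggdrop-}"
    done
}

installed_eggdrop_versions | while read -r v; do
    echo "net-irc/eggdrop-$v: $(eggdrop_status "$v")"
done
```

A version reported as unknown carries a suffix this sketch does not parse and should be compared by hand against the affected range.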