Re: eggdrop/windrop remote crash vulnerability

[Nico Golde <fd () ngolde de>]

Hi,
* Thomas Sader <thommey () gmail com> [2009-05-15 11:52]:
> Affected software
> -----------------
>
> eggdrop (1.6.19 only, not 1.6.19+ctcpfix)
> windrop (1.6.19 only, not 1.6.19+ctcpfix)
> all eggdrop/windrop versions and packages which apply Nico Goldes
> patch for CVE-2007-2807/SA25276 See: [1]
>
> Vulnerability details
> ---------------------
>
> The SA25276 patch ([1]) uses strncpy to fix a buffer overflow vulnerability
> in src/mod/server.mod/servmsg.c (gotmsg). The last argument is not checked
> for being non-negative, but that can happen if ctcpbuf is "". That causes
> a remote crash vulnerability to be exploited by anyone connected to the same
> IRC network as eggdrop. The SA25276 patch has been applied to the eggdrop1.6.18
> debian package and was later adopted by Eggheads into eggdrop1.6.19.

Dang, nice find.

Cheers
Nico
-- 
Nico Golde - JAB: nion () jabber ccc de | GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons -
gimme a keyboard with 103/104/105 keys!

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/