Posted: Sat Sep 15, 2007 4:26 pm Post subject: [ GLSA 200709-07 ] Eggdrop: Buffer overflow
Gentoo Linux Security Advisory
Title: Eggdrop: Buffer overflow (GLSA 200709-07)
Date: September 15, 2007
Updated: September 26, 2007
A remote stack-based buffer overflow has been discovered in Eggdrop.
Eggdrop is an IRC bot extensible with C or Tcl.
Vulnerable: < 1.6.18-r3
Unaffected: >= 1.6.18-r3
Architectures: All supported architectures
Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server.
A remote attacker could entice an Eggdrop user to connect the bot to a malicious server, possibly resulting in the execution of arbitrary code on the host running Eggdrop.
There is no known workaround at this time.
All Eggdrop users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/eggdrop-1.6.18-r3"
Last edited by GLSA on Thu Sep 27, 2007 4:18 am; edited 1 time in total
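To check a host against the affected range above (vulnerable below 1.6.18-r3), the following added example, which is not part of the advisory, classifies a version string you supply. The function names `version_cmp` and `eggdrop_vulnerable` are hypothetical, the comparison is a simplified one that assumes dotted numbers with an optional `-rN` revision, and the sample versions are constructed.

```shell
# Added example (not from the advisory): classify a net-irc/eggdrop version
# against GLSA 200709-07. Simplified comparison, not Portage's own algorithm.
FIXED_VERSION="1.6.18-r3"   # first unaffected version, from the advisory

# Print -1, 0 or 1 when version $1 is older than, equal to or newer than $2.
# Returns 2 when a version is not dotted numbers plus an optional -rN.
version_cmp() {
    a_base=${1%-r*}; b_base=${2%-r*}; a_rev=0; b_rev=0
    case $1 in *-r*) a_rev=${1##*-r} ;; esac
    case $2 in *-r*) b_rev=${2##*-r} ;; esac
    for part in "$a_base" "$b_base"; do
        case $part in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    done
    for part in "$a_rev" "$b_rev"; do
        case $part in ''|*[!0-9]*) return 2 ;; esac
    done
    # Compare the dotted components left to right, numerically.
    while [ -n "$a_base" ] && [ -n "$b_base" ]; do
        a_part=${a_base%%.*}; b_part=${b_base%%.*}
        case $a_base in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case $b_base in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
        if [ "$a_part" -lt "$b_part" ]; then echo -1; return 0; fi
        if [ "$a_part" -gt "$b_part" ]; then echo 1; return 0; fi
    done
    # Equal so far: the version with components left over is the newer one.
    if [ -n "$b_base" ]; then echo -1; return 0; fi
    if [ -n "$a_base" ]; then echo 1; return 0; fi
    # Same base version: the -rN revision decides (no revision counts as r0).
    if [ "$a_rev" -lt "$b_rev" ]; then echo -1; return 0; fi
    if [ "$a_rev" -gt "$b_rev" ]; then echo 1; return 0; fi
    echo 0
}

# Exit status: 0 = vulnerable (< 1.6.18-r3), 1 = unaffected, 2 = not parsed.
eggdrop_vulnerable() {
    res=$(version_cmp "$1" "$FIXED_VERSION") || return 2
    [ "$res" = "-1" ]
}

# Constructed sample versions, not taken from the advisory.
for v in 1.6.17 1.6.18-r2 1.6.18-r3 1.8.4 1.6.18_rc1; do
    eggdrop_vulnerable "$v" && st=0 || st=$?
    case $st in
        0) echo "$v: vulnerable, upgrade" ;;
        1) echo "$v: unaffected" ;;
        *) echo "$v: version format not handled" ;;
    esac
done
```

A version the function cannot parse returns status 2 rather than being reported as unaffected, so suffixed versions need a manual check.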