Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200709-07
HistorySep 15, 2007 - 12:00 a.m.

Eggdrop: Buffer overflow

2007-09-1500:00:00
Gentoo Foundation
security.gentoo.org
13

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.7%

JSON

Background

Eggdrop is an IRC bot extensible with C or Tcl.

Description

Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server.

Impact

A remote attacker could entice an Eggdrop user to connect the bot to a malicious server, possibly resulting in the execution of arbitrary code on the host running Eggdrop.

Workaround

There is no known workaround at this time.

Resolution

All Eggdrop users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/eggdrop-1.6.18-r3"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-irc/eggdrop< 1.6.18-r3UNKNOWN

Related

nessus 9
openvas 25
debiancve 2
securityvulns 3
cvelist 2
packetstorm 1
debian 3
cve 2
fedora 4
altlinux 2
prion 2
nvd 2
ubuntucve 2
seebug 1
exploitpack 1
exploitdb 1
osv 1
nessus
nessus
Fedora 8 : eggdrop-1.6.18-12.fc8 (2007-4305)
2007-12-11 00:00:00
GLSA-200709-07 : Eggdrop: Buffer overflow
2007-09-24 00:00:00
Fedora 7 : eggdrop-1.6.18-12.fc7 (2007-4325)
2007-12-11 00:00:00
openvas
openvas
Eggdrop < 1.6.19 Server Module Message Handling Remote Buffer Overflow Vulnerability
2009-07-08 00:00:00
Fedora Update for eggdrop FEDORA-2007-4325
2009-02-27 00:00:00
Fedora Update for eggdrop FEDORA-2007-4325
2009-02-27 00:00:00
debiancve
debiancve
CVE-2007-2807
2007-05-22 19:30:00
CVE-2009-1789
2009-05-26 16:30:02
securityvulns
securityvulns
Eggdrop IRC client buffer overflow
2007-09-08 00:00:00
[ MDKSA-2007:175 ] - Updated eggdrop package fix remote buffer overflow
2007-09-08 00:00:00
eggdrop/windrop remote crash vulnerability
2009-05-18 00:00:00
cvelist
cvelist
CVE-2007-2807
2007-05-22 19:00:00
CVE-2009-1789
2009-05-26 16:00:00
packetstorm
packetstorm
Eggdrop/Windrop 1.6.19 Denial Of Service
2009-05-15 00:00:00
debian
debian
[SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution
2008-01-05 14:52:44
[SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code
2008-01-05 15:11:22
[SECURITY] [DSA 1826-1] New eggdrop packages fix several vulnerabilities
2009-07-04 02:53:03
cve
cve
CVE-2007-2807
2007-05-22 19:30:00
CVE-2009-1789
2009-05-26 16:30:02
fedora
fedora
[SECURITY] Fedora 7 Update: eggdrop-1.6.18-12.fc7
2007-12-11 00:51:12
[SECURITY] Fedora 8 Update: eggdrop-1.6.18-12.fc8
2007-12-11 00:50:34
[SECURITY] Fedora 10 Update: eggdrop-1.6.19-4.fc10
2009-05-28 08:03:42
altlinux
altlinux
Security fix for the ALT Linux 6 package eggdrop version 1.6.18-alt2
2007-09-20 00:00:00
Security fix for the ALT Linux 6 package eggdrop version 1.6.19-alt2
2009-05-18 00:00:00
prion
prion
Stack overflow
2007-05-22 19:30:00
Design/Logic Flaw
2009-05-26 16:30:00
nvd
nvd
CVE-2007-2807
2007-05-22 19:30:00
CVE-2009-1789
2009-05-26 16:30:02
ubuntucve
ubuntucve
CVE-2007-2807
2007-05-22 00:00:00
CVE-2009-1789
2009-05-26 00:00:00
seebug
seebug
Eggdrop/Windrop 1.6.19 ctcpbuf Remote Crash Vulnerability
2009-05-17 00:00:00
exploitpack
exploitpack
EggdropWindrop 1.6.19 - ctcpbuf Remote Crash
2009-05-15 00:00:00
exploitdb
exploitdb
Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash
2009-05-15 00:00:00
osv
osv
eggdrop - several vulnerabilities
2009-07-04 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.7%

JSON
Related for GLSA-200709-07
nessus9openvas25debiancve2securityvulns3cvelist2packetstorm1debian3cve2fedora4altlinux2prion2nvd2ubuntucve2seebug1exploitpack1exploitdb1osv1