oss-sec mailing list archives
Re: CVE Request -- Eggdrop
From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 29 May 2009 17:22:59 -0400 (EDT)
======================================================
Name: CVE-2009-1789
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1789
Reference: BUGTRAQ:20090515 eggdrop/windrop remote crash vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/503574
Reference: FULLDISC:20090514 eggdrop/windrop remote crash vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0129.html
Reference: MILW0RM:8695
Reference: URL:http://www.milw0rm.com/exploits/8695
Reference: CONFIRM:http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20&view=markup
Reference: BID:34985
Reference: URL:http://www.securityfocus.com/bid/34985
Reference: OSVDB:54460
Reference: URL:http://osvdb.org/54460
Reference: SECUNIA:35104
Reference: URL:http://secunia.com/advisories/35104
Reference: VUPEN:ADV-2009-1340
Reference: URL:http://www.vupen.com/english/advisories/2009/1340
Reference: XF:eggdrop-servmsg-dos(50547)
Reference: URL:http://xforce.iss.net/xforce/xfdb/50547

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and
earlier allows remote attackers to cause a denial of service (crash)
via a crafted PRIVMSG that causes an empty string to trigger a
negative string length copy. NOTE: this issue exists because of an
incorrect fix for CVE-2007-2807.
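
The bug class named in the CVE description (an empty string leading to a negative-length copy), shown as an added illustration that is not Eggdrop's code and not part of the original message. The function names and the "drop the final byte" operation are assumptions chosen to show the pattern and its guard.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked length: "everything except the final byte" (hypothetical helper).
 * For an empty field strlen() is 0, and 0 - 1 wraps to SIZE_MAX in size_t
 * (or is -1 when stored in an int), so a copy sized by it runs far past
 * both buffers and crashes the process. */
size_t unchecked_copy_len(const char *field)
{
    return strlen(field) - 1;
}

/* Hardened form (hypothetical helper): reject the empty field and bound the
 * copy by the destination size before touching memory.
 * Returns 0 on success, -1 if the field is empty or does not fit. */
int copy_without_last_byte(char *dst, size_t dstsz, const char *field)
{
    size_t n = strlen(field);

    if (n == 0 || dstsz == 0)
        return -1;
    n -= 1;                      /* safe: n >= 1 was checked above */
    if (n >= dstsz)
        return -1;               /* no room for the bytes plus the NUL */
    memcpy(dst, field, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: a normal delimited field and an empty one. */
    const char *samples[] = { "PING\001", "" };
    char buf[8];

    for (size_t i = 0; i < 2; i++) {
        int rc = copy_without_last_byte(buf, sizeof buf, samples[i]);
        printf("len=%zu unchecked=%zu checked rc=%d\n",
               strlen(samples[i]), unchecked_copy_len(samples[i]), rc);
    }
    return 0;
}
```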