<?xml version="1.0" encoding="utf-8"?>
<glsa id="200709-07">
<title>Eggdrop: Buffer overflow</title>
A remote stack-based buffer overflow has been discovered in Eggdrop.
<product type="ebuild">eggdrop</product>
<announced>September 15, 2007</announced>
<revised>September 26, 2007: 02</revised>
<package name="net-irc/eggdrop" auto="yes" arch="*">
<unaffected range="ge">1.6.18-r3</unaffected>
<vulnerable range="lt">1.6.18-r3</vulnerable>
Eggdrop is an IRC bot extensible with C or Tcl.
Bow Sineath discovered a boundary error in the file
mod/server.mod/servrmsg.c when processing overly long private messages
sent by an IRC server.
<impact type="normal">
A remote attacker could entice an Eggdrop user to connect the bot to a
malicious server, possibly resulting in the execution of arbitrary code
on the host running Eggdrop.
There is no known workaround at this time.
All Eggdrop users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-irc/eggdrop-1.6.18-r3&quot;</code>
<uri link="">CVE-2007-2807</uri>
<metadata tag="requester" timestamp="Thu, 23 Aug 2007 09:04:09 +0000">
<metadata tag="bugReady" timestamp="Thu, 23 Aug 2007 09:04:22 +0000">
<metadata tag="submitter" timestamp="Fri, 07 Sep 2007 09:43:27 +0000">