Date: Fri, 29 May 2009 17:22:59 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request -- Eggdrop ====================================================== Name: CVE-2009-1789 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1789 Reference: BUGTRAQ:20090515 eggdrop/windrop remote crash vulnerability Reference: URL:http://www.securityfocus.com/archive/1/503574 Reference: FULLDISC:20090514 eggdrop/windrop remote crash vulnerability Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0129.html Reference: MILW0RM:8695 Reference: URL:http://www.milw0rm.com/exploits/8695 Reference: CONFIRM:http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20&view=markup Reference: BID:34985 Reference: URL:http://www.securityfocus.com/bid/34985 Reference: OSVDB:54460 Reference: URL:http://osvdb.org/54460 Reference: SECUNIA:35104 Reference: URL:http://secunia.com/advisories/35104 Reference: VUPEN:ADV-2009-1340 Reference: URL:http://www.vupen.com/english/advisories/2009/1340 Reference: XF:eggdrop-servmsg-dos(50547) Reference: URL:http://xforce.iss.net/xforce/xfdb/50547 mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.