Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 29 May 2009 17:22:59 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- Eggdrop


======================================================
Name: CVE-2009-1789
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1789
Reference: BUGTRAQ:20090515 eggdrop/windrop remote crash vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/503574
Reference: FULLDISC:20090514 eggdrop/windrop remote crash vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0129.html
Reference: MILW0RM:8695
Reference: URL:http://www.milw0rm.com/exploits/8695
Reference: CONFIRM:http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20&view=markup
Reference: BID:34985
Reference: URL:http://www.securityfocus.com/bid/34985
Reference: OSVDB:54460
Reference: URL:http://osvdb.org/54460
Reference: SECUNIA:35104
Reference: URL:http://secunia.com/advisories/35104
Reference: VUPEN:ADV-2009-1340
Reference: URL:http://www.vupen.com/english/advisories/2009/1340
Reference: XF:eggdrop-servmsg-dos(50547)
Reference: URL:http://xforce.iss.net/xforce/xfdb/50547

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and
earlier allows remote attackers to cause a denial of service (crash)
via a crafted PRIVMSG that causes an empty string to trigger a
negative string length copy.  NOTE: this issue exists because of an
incorrect fix for CVE-2007-2807.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.