A remote stack-based buffer overflow has been discovered in Eggdrop.
Package | net-irc/eggdrop on all architectures |
---|---|
Affected versions | < 1.6.18-r3 |
Unaffected versions | >= 1.6.18-r3 |
Eggdrop is an IRC bot extensible with C or Tcl.
Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server.
A remote attacker could entice an Eggdrop user to connect the bot to a malicious server, possibly resulting in the execution of arbitrary code on the host running Eggdrop.
There is no known workaround at this time.
All Eggdrop users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/eggdrop-1.6.18-r3"
Release date
September 15, 2007
Latest revision
September 26, 2007: 02
Severity
normal
Exploitable
remote
Bugzilla entries