
Fedora 10: FEDORA-2009-5572 Critical Eggdrop Remote DoS

Fedora, May 28, 2009
Urgent notice regarding Fedora 10 Eggdrop vulnerability leading to remote DoS attacks impacting IRC bots. Prompt measures are advised for those affected.

Summary

Eggdrop is the world's most popular Open Source IRC bot, designed for flexibility and ease of use. It is extendable with Tcl scripts and/or C modules, has support for the big five IRC networks and is able to form botnets, share partylines and userfiles between bots.

Update Information:

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807. The current remote denial of service is tracked as CVE-2009-1789.
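The bug class described above, shown as an added illustration that is not Eggdrop's code or the upstream ctcpfix: a "length minus one" computed on an empty string goes negative and becomes a huge size when passed to a copy routine. The function names and the sample payload are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern: "copy everything except the last byte".
 * For an empty string this yields -1. */
long body_len_unchecked(const char *s)
{
    return (long)strlen(s) - 1;
}

/* Hardened pattern: reject empty input before subtracting, and bound the
 * copy by the destination size. Returns bytes copied, or -1 if rejected. */
int copy_body_checked(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    len = strlen(src);
    if (len == 0)            /* empty string: len - 1 would be negative */
        return -1;
    len -= 1;                /* drop the trailing delimiter byte */
    if (len >= dstsz)        /* would not fit with the terminating NUL */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void)
{
    char buf[16];
    long n = body_len_unchecked("");

    /* A negative length converted to size_t wraps to the maximum value. */
    printf("unchecked length: %ld, as size_t: %zu\n", n, (size_t)n);
    printf("checked, empty input: %d\n", copy_body_checked(buf, sizeof buf, ""));
    /* Constructed sample: a field ending in the 0x01 delimiter byte. */
    printf("checked, sample input: %d (\"%s\")\n",
           copy_body_checked(buf, sizeof buf, "VERSION\001"), buf);
    return 0;
}
```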

Change Log

* Tue May 26 2009 Robert Scheck 1.6.19-4
- Added upstream ctcpfix to solve CVE-2009-1789 (#502650)

* Mon Feb 23 2009 Robert Scheck 1.6.19-3
- Rebuild for gcc 4.4 and rpm 4.6

References


[1] Bug #502650 - CVE-2009-1789 eggdrop DoS (crash)
https://bugzilla.redhat.com/show_bug.cgi?id=502650

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update eggdrop' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: eggdrop
Product: Fedora 10
Version: 1.6.19
Release: 4.fc10
Summary: The world's most popular Open Source IRC bot
