Stay Secure with the Latest Linux Advisories

security advisorydenial of servicefedora

Fedora 10: FEDORA-2009-5572 Critical Eggdrop Remote DoS

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807. The current remote denial of service is tracked as CVE-2009-1789.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-5572 2009-05-28 07:01:50 -------------------------------------------------------------------------------- Name : eggdrop Product : Fedora 10 Version : 1.6.19 Release : 4.fc10 URL : http://www.eggheads.org/ Summary : The world's most popular Open Source IRC bot Description : Eggdrop is the world's most popular Open Source IRC bot, designed for flexibility and ease of use. It is extendable with Tcl scripts and/or C modules, has support for the big five IRC networks and is able to form botnets, share partylines and userfiles between bots. -------------------------------------------------------------------------------- Update Information: mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807. The current remote denial of service is tracked as CVE-2009-1789. -------------------------------------------------------------------------------- ChangeLog: * Tue May 26 2009 Robert Scheck 1.6.19-4 - Added upstream ctcpfix to solve CVE-2009-1789 (#502650) * Mon Feb 23 2009 Robert Scheck 1.6.19-3 - Rebuild for gcc 4.4 and rpm 4.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #502650 - CVE-2009-1789 eggdrop DoS (crash) https://bugzilla.redhat.com/show_bug.cgi?id=502650 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update eggdrop' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Urgent notice regarding Fedora 10 Eggdrop vulnerability leading to remote DoS attacks impacting IRC bots. Prompt measures are advised for those affected.. Eggdrop Update,Fedora Security,Remote Attack Fix. . Severity: Critical. LinuxSecurity.com Team

May 28, 2009 •Critical Fedora