FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1789

This CVE name corresponds to:

Entered     Topic
2009-05-30  eggdrop -- denial of service vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type:  Candidate
Name:  CVE-2009-1789
Phase: Assigned (20090526)

Description

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.

References

Source    Reference
BUGTRAQ   20090515 eggdrop/windrop remote crash vulnerability
FULLDISC  20090514 eggdrop/windrop remote crash vulnerability
MILW0RM   8695
CONFIRM   http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20&view=markup
CONFIRM   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778
DEBIAN    DSA-1826
FEDORA    FEDORA-2009-5568
FEDORA    FEDORA-2009-5572
MANDRIVA  MDVSA-2009:126
BID       34985
OSVDB     54460
SECUNIA   35104
SECUNIA   35158
SECUNIA   35690
VUPEN     ADV-2009-1340
XF        eggdrop-servmsg-dos(50547)