CVE-2007-4584

Summary

CVE	CVE-2007-4584
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-08-29 01:17:00 UTC
Updated	2017-09-29 01:29:00 UTC
Description	Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Bitchx	Bitchx	1.1-final	All	All	All
Application	Bitchx	Bitchx	1.1-final	All	All	All

References

Reference	Source	Link	Tags
Gentoo Linux Documentation -- BitchX: Multiple vulnerabilities	GENTOO	security.gentoo.org
BitchX IRC MODE Remote Buffer Overflow Vulnerability	BID	www.securityfocus.com
Slackware bitchx Multiple Vulnerabilities - Secunia.com	SECUNIA	secunia.com
Webmail - OVH	VUPEN	www.vupen.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
37480	OSVDB	osvdb.org
Gentoo BitchX Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com
The Slackware Linux Project: Slackware Security Advisories	SLACKWARE	slackware.com
BitchX 1.1 Final - MODE Remote Heap Overflow - Linux remote Exploit	EXPLOIT-DB	www.exploit-db.com
BitchX "MODE" Buffer Overflow - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-09-24	Mark J Cox	Not vulnerable. This issue did not affect the version of IrcII as shipped with Red Hat Enterprise Linux 2.1. IrcII was not shipped in Enterprise Linux 3, 4, or 5.

There are currently no legacy QID mappings associated with this CVE.