ngIRCd Remote Buffer Overflow Vulnerability
BID:12397
Info
| Bugtraq ID: | 12397 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 28 2005 12:00AM |
| Updated: | Jan 28 2005 12:00AM |
| Credit: | Discovery is credited to Florian Westphal. |
| Vulnerable: | ngIRCd 0.8.1, ngIRCd 0.8, ngIRCd 0.7.7, ngIRCd 0.7.6, ngIRCd 0.7.5, ngIRCd 0.7.1, ngIRCd 0.7, ngIRCd 0.6.1, ngIRCd 0.6 |
| Not Vulnerable: | ngIRCd 0.8.2 |
Discussion
ngIRCd is reported prone to a remote buffer overflow vulnerability. This issue presents itself because the application fails to perform proper boundary checks before copying user-supplied data into process buffers.
A successful attack may allow the attacker to crash the server or gain unauthorized access to a vulnerable computer.
ngIRCd 0.8.1 and prior versions are affected by this vulnerability.
Exploit / POC
A denial of service proof of concept is available:
Solution / Fix
Solution:
The vendor has released ngIRCd 0.8.2 to address this issue.
Gentoo has released advisory GLSA 200501-40 to address this issue. Gentoo users may carry out the following commands to update their computers:
emerge --sync
emerge --ask --oneshot --verbose ">=net-irc/ngIRCd-0.8.2"
Please see the referenced advisory for more information.