CGI:IRC Client.C Remote Buffer Overflow and Denial Of Service Vulnerabilities
BID:17799
Info
| Bugtraq ID: | 17799 |
| Class: | Unknown |
| CVE: | CVE-2006-2148 |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2006 12:00AM |
| Updated: | Dec 01 2006 07:59PM |
| Credit: | The vendor disclosed these vulnerabilities. |
| Vulnerable: | Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1; CGI:IRC CGI:IRC 0.5.7; CGI:IRC CGI:IRC 0.5.4 |
| Not Vulnerable: | CGI:IRC CGI:IRC 0.5.8 |
Discussion
CGI:IRC is susceptible to multiple remote vulnerabilities.
A buffer-overflow vulnerability and denial-of-service vulnerability affect CGI:IRC, and potentially allow remote attackers to execute arbitrary machine code and to crash the affected application.
Version 0.5.7 is vulnerable to these issues; other versions may also be affected.
Exploit / POC
This issue can be exploited through a web client.
Currently we are not aware of any exploits for these issues. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Solution:
The vendor has released version 0.5.8 to address this issue; please see the reference section for further details.
Please see the referenced advisories for further information on obtaining and applying fixes.
CGI:IRC CGI:IRC 0.5.4
- Debian cgiirc_0.5.4-6sarge1_alpha.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_alpha.deb
- Debian cgiirc_0.5.4-6sarge1_amd64.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_amd64.deb
- Debian cgiirc_0.5.4-6sarge1_arm.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_arm.deb
- Debian cgiirc_0.5.4-6sarge1_hppa.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_hppa.deb
- Debian cgiirc_0.5.4-6sarge1_i386.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_i386.deb
- Debian cgiirc_0.5.4-6sarge1_ia64.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_ia64.deb
- Debian cgiirc_0.5.4-6sarge1_m68k.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_m68k.deb
- Debian cgiirc_0.5.4-6sarge1_mips.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_mips.deb
- Debian cgiirc_0.5.4-6sarge1_mipsel.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_mipsel.deb
- Debian cgiirc_0.5.4-6sarge1_powerpc.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_powerpc.deb
- Debian cgiirc_0.5.4-6sarge1_s390.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_s390.deb
- Debian cgiirc_0.5.4-6sarge1_sparc.deb (Debian GNU/Linux 3.1 alias sarge)
  http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_sparc.deb
References
References:
- CGI:IRC Web Site (CGI:IRC)
- Duh, sizeof doesn't make sense for a pointer! (cvs.cgiirc.org)
- Fix a couple of buffer overflows. (cvs.cgiirc.org)