Key Information

Vulnerability Name: Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash
EDB-ID: 8695
CVE: 2009-1789
Author: Thomas Sader
Type: DOS
Platform: Multiple
Date: 2009-05-15
Affected Application: Eggdrop/Windrop

Affected Software

- Eggdrop 1.6.19 (excluding 1.6.19+ctcpfix)
- Windrop 1.6.19 (excluding 1.6.19+ctcpfix)
- All Eggdrop/Windrop versions and packages that applied Nico Goldes' CVE-2007-2807/SA25276 patch

Vulnerability Details

The SA25276 patch fixes a buffer overflow in (gotmsg) using . If is , the last parameter is not checked for being non-negative, allowing anyone to trigger a remote crash vulnerability.

Possible Exploitation

Send to the IRC server to crash eggdrop.

Solution

Upgrade to eggdrop/windrop 1.6.19+ctcpfix, or apply the ctcpfix patch before compiling.

Disclosure Timeline

- 2009-05-06: Discovered and reported to Eggheads.
- 2009-05-06: Patch submitted to CVS.
- 2009-05-14: New eggdrop and windrop versions with fix released.
- 2009-05-14: Public disclosure.

References

[1] http://bugzilla.eggheads.org/show_bug.cgi?id=462
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427157
[1] https://www.securityfocus.com/bid/24070
[1] http://secunia.com/advisories/25276
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2807
[2] http://www.eggheads.org/downloads/
[3] http://windrop.sourceforge.net/downloads.html
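
The defect class named under Vulnerability Details is a copy length that can go negative before it reaches a bounded copy. The C code below is an added example, not Eggdrop source and not the ctcpfix patch; `copy_span` and `unchecked_count` are hypothetical names, and the sample strings are constructed. It shows what a negative length becomes once converted to `size_t`, and a copy helper that rejects it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What a bounded copy (strncpy/memcpy) receives when a signed length is
 * passed as its size_t count with no check: -1 becomes SIZE_MAX. */
static size_t unchecked_count(ptrdiff_t len)
{
    return (size_t)len;
}

/* Hypothetical helper: copy the bytes in [start, end) into dst and
 * NUL-terminate. Returns the number of bytes copied, or -1 if the span is
 * inverted (negative length) or does not fit in dst with its terminator. */
static long copy_span(char *dst, size_t dstsize,
                      const char *start, const char *end)
{
    ptrdiff_t len;

    if (dst == NULL || dstsize == 0 || start == NULL || end == NULL)
        return -1;

    len = end - start;          /* signed: may be negative */
    if (len < 0)                /* the non-negative check */
        return -1;
    if ((size_t)len >= dstsize) /* the upper bound, leaving room for NUL */
        return -1;

    memcpy(dst, start, (size_t)len);
    dst[len] = '\0';
    return (long)len;
}

int main(void)
{
    const char *sample = "abcdef";   /* constructed input */
    char buf[8];

    printf("valid span    -> %ld\n", copy_span(buf, sizeof buf, sample + 1, sample + 4));
    printf("inverted span -> %ld\n", copy_span(buf, sizeof buf, sample + 3, sample + 2));
    printf("(size_t)-1    -> %zu\n", unchecked_count(-1));
    return 0;
}
```

Checking only the upper bound is not enough: the inverted span has a length smaller than any buffer size when compared as a signed value, yet it is the largest possible count once it is converted.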