Joined: 25 Feb 2003
Location: Essen, Germany
|Posted: Fri Jan 28, 2005 11:10 pm Post subject: [ GLSA 200501-40 ] ngIRCd: Buffer overflow
|Gentoo Linux Security Advisory
Title: ngIRCd: Buffer overflow (GLSA 200501-40)
Date: January 28, 2005
Updated: May 22, 2006
ngIRCd is vulnerable to a buffer overflow that can be used to crash the daemon and possibly execute arbitrary code.
ngIRCd is a free open source daemon for Internet Relay Chat (IRC).
Vulnerable: < 0.8.2
Unaffected: >= 0.8.2
Architectures: All supported architectures
Florian Westphal discovered a buffer overflow caused by an integer underflow in the Lists_MakeMask() function of lists.c.
A remote attacker can exploit this buffer overflow to crash the ngIRCd daemon and possibly execute arbitrary code with the rights of the ngIRCd daemon process.
There is no known workaround at this time.
All ngIRCd users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/ngIRCd-0.8.2"
ngIRCd Release Annoucement
Last edited by GLSA on Mon May 22, 2006 4:18 am; edited 2 times in total