Published: 10/03/2007 Updated: 29/07/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote malicious users to execute arbitrary code via long strings.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fish fish

FiSH-irssi version 099 evil ircd buffer overflow exploit ...

# FiSH IRC encryption evil ircd PoC exploit # Abuses CVE-2007-1397 # Bad ircd, nasty bnc provider, nicknames over 100 char --> ruin # Runs arbitrary code which which in this case shuts down irssi # Tested on my own compiled FiSH with irssi/fedora/x86 # There are a lot more problems like this one, you should /unload fish # Caleb James DeLisle ...

source: wwwsecurityfocuscom/bid/22880/info FiSH is prone to multiple remote buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer An attacker can exploit these issues to execute arbitrary code within the context of the affected application ...

NVD-CWE-Other http://blogs.23.nu/ilja/stories/14493/http://www.securityfocus.com/bid/22880 http://secunia.com/advisories/24495 http://www.vupen.com/english/advisories/2007/0910 http://securityreason.com/securityalert/8216 https://exchange.xforce.ibmcloud.com/vulnerabilities/32892 https://nvd.nist.gov https://packetstormsecurity.com/files/100517/FiSH-irssi-0.99-Buffer-Overflow.html https://www.exploit-db.com/exploits/17181/

CVE-2007-1397

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect