CVE-2009-1789

Published: 26/05/2009 Updated: 29/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.

Vulnerable Product

eggheads eggdrop 1.6.15

eggheads eggdrop 1.6.16

eggheads eggdrop 1.6.17

eggheads eggdrop 1.6.11

eggheads eggdrop 1.6.10

eggheads eggdrop 1.6.3

eggheads eggdrop 1.6.2

eggheads eggdrop 1.6.18

eggheads eggdrop irc bot

eggheads eggdrop 1.6.9

eggheads eggdrop 1.6.8

eggheads eggdrop 1.6.1

eggheads eggdrop 1.6.0

philip moore windrop 1.6.10

philip moore windrop 1.6.9

philip moore windrop 1.6.1

philip moore windrop 1.6.0

philip moore windrop 1.6.2+bindsfix

philip moore windrop 1.6.19+ctcpfix

eggheads eggdrop 1.6.13

eggheads eggdrop 1.6.12

eggheads eggdrop 1.6.5

eggheads eggdrop 1.6.4

philip moore windrop 1.6.17

philip moore windrop 1.6.16

philip moore windrop 1.6.15

philip moore windrop 1.6.6

philip moore windrop 1.6.4

philip moore windrop 1.5.4a

philip moore windrop 1.5.4

eggheads eggdrop 1.6.14

eggheads eggdrop 1.6.7

eggheads eggdrop 1.6.6

philip moore windrop

philip moore windrop 1.6.18

philip moore windrop 1.6.8

philip moore windrop 1.6.7

philip moore windrop 1.4.4

philip moore windrop 1.6.12

philip moore windrop 1.6.13

philip moore windrop 1.4.6

philip moore windrop 1.6.3

Vendor Advisories

Debian Bug report logs - #528778: eggdrop: incomplete patch for CVE-2007-2807. Package: eggdrop; Maintainer for eggdrop is Cédric Barboiron <ced@winkie.fr>; Source for eggdrop is src:eggdrop. Reported by: Nico Golde <nion@debian.org>. Date: Fri, 15 May 2009 12:21:04 UTC. Severity: grave. Tags: secur ...
Several vulnerabilities have been discovered in eggdrop, an advanced IRC robot. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2807: It was discovered that eggdrop is vulnerable to a buffer overflow, which could result in a remote user executing arbitrary code. The previous DSA (DSA-1448-1) did not fix ...

Exploits

eggdrop/windrop remote crash vulnerability. From: Thomas Sader <thommey_at_gmail.com>. Date: Fri, 15 May 2009 05:54:08 +0200. Affected software: eggdrop (1.6.19 only, not 1.6.19+c ...

Github Repositories

eggdrop-sploit: My super long and complex mIRC implementation of CVE-2009-1789 www.cvedetails.com/cve/CVE-2009-1789/