ALT-PU-2015-1839-1
Closed vulnerabilities
Published: 2009-05-26
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2009-1789
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.
Severity: MEDIUM (4.3)
References:
- 20090514 eggdrop/windrop remote crash vulnerability
- 20090514 eggdrop/windrop remote crash vulnerability
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778
- http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20&view=markup
- http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20&view=markup
- 54460
- 54460
- 35104
- 35104
- 35158
- 35158
- 35690
- 35690
- DSA-1826
- DSA-1826
- MDVSA-2009:126
- MDVSA-2009:126
- 20090515 eggdrop/windrop remote crash vulnerability
- 20090515 eggdrop/windrop remote crash vulnerability
- 34985
- 34985
- ADV-2009-1340
- ADV-2009-1340
- eggdrop-servmsg-dos(50547)
- eggdrop-servmsg-dos(50547)
- 8695
- 8695
- FEDORA-2009-5568
- FEDORA-2009-5568
- FEDORA-2009-5572
- FEDORA-2009-5572