1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200709-07 / eggdrop |
| Release Date | September 15, 2007 |
| Latest Revision | September 26, 2007: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-irc/eggdrop | < 1.6.18-r3 | >= 1.6.18-r3 | All supported architectures |
Related bugreports: #179354
A remote stack-based buffer overflow has been discovered in Eggdrop.
Eggdrop is an IRC bot extensible with C or Tcl.
Bow Sineath discovered a boundary error in the file mod/server.mod/servrmsg.c when processing overly long private messages sent by an IRC server.
A remote attacker could entice an Eggdrop user to connect the bot to a malicious server, possibly resulting in the execution of arbitrary code on the host running Eggdrop.
There is no known workaround at this time.
All Eggdrop users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/eggdrop-1.6.18-r3" |