Date: Fri, 29 May 2009 17:22:59 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: CVE Request -- Eggdrop

Name: CVE-2009-1789
Status: Candidate
Reference: BUGTRAQ:20090515 eggdrop/windrop remote crash vulnerability
Reference: URL:
Reference: FULLDISC:20090514 eggdrop/windrop remote crash vulnerability
Reference: URL:
Reference: MILW0RM:8695
Reference: URL:
Reference: CONFIRM:
Reference: BID:34985
Reference: URL:
Reference: OSVDB:54460
Reference: URL:
Reference: SECUNIA:35104
Reference: URL:
Reference: VUPEN:ADV-2009-1340
Reference: URL:
Reference: XF:eggdrop-servmsg-dos(50547)
Reference: URL:

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and
earlier allows remote attackers to cause a denial of service (crash)
via a crafted PRIVMSG that causes an empty string to trigger a
negative string length copy.  NOTE: this issue exists because of an
incorrect fix for CVE-2007-2807.
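
Added illustration (not part of the original message, and not Eggdrop's code): the bug class named above, where a length derived from an empty string goes negative and is then used as a copy size, shown beside a hardened copy routine. All function names and sample strings are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flawed length computation (hypothetical): "everything except the last
 * byte". For an empty string the result is -1. */
static long flawed_copy_len(const char *s)
{
    return (long)strlen(s) - 1;
}

/* What strncpy()/memcpy() would receive once that value is converted to
 * size_t: -1 wraps to SIZE_MAX. */
static size_t as_copy_size(long n)
{
    return (size_t)n;
}

/* Hardened form: copy src without its last byte into dst.
 * Returns the number of bytes copied, or -1 if src is empty or the
 * result (plus NUL) does not fit in dst. */
static long copy_without_last(char *dst, size_t dstsz, const char *src)
{
    size_t len = strlen(src);
    if (len == 0 || dstsz == 0)
        return -1;              /* reject before subtracting */
    size_t n = len - 1;
    if (n >= dstsz)
        return -1;              /* no room for data plus terminator */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (long)n;
}

int main(void)
{
    char buf[16];
    long n = flawed_copy_len("");          /* constructed empty input */
    printf("flawed length: %ld, as size_t: %zu\n", n, as_copy_size(n));
    printf("hardened, empty input: %ld\n",
           copy_without_last(buf, sizeof buf, ""));
    n = copy_without_last(buf, sizeof buf, "hello!");
    printf("hardened, \"hello!\": %ld (%s)\n", n, buf);
    return 0;
}
```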
