Launchpad.net

CVE 2009-1789

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.

Related bugs and status

CVE-2009-1789 (Candidate) is related to these bugs:

Bug #377054: eggdrop/windrop remote crash vulnerability

		In	Importance	Status
377054	eggdrop/windrop remote crash vulnerability	eggdrop (Ubuntu)	Low	Fix Released
377054	eggdrop/windrop remote crash vulnerability	eggdrop (Debian)	Unknown	Fix Released
377054	eggdrop/windrop remote crash vulnerability	eggdrop (Ubuntu Dapper)	Undecided	Invalid
377054	eggdrop/windrop remote crash vulnerability	eggdrop (Ubuntu Hardy)	Low	Fix Released
377054	eggdrop/windrop remote crash vulnerability	eggdrop (Ubuntu Karmic)	Low	Fix Released
377054	eggdrop/windrop remote crash vulnerability	eggdrop (Ubuntu Jaunty)	Low	Fix Released
377054	eggdrop/windrop remote crash vulnerability	eggdrop (Ubuntu Intrepid)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20090515 eggdrop/windr...
FULLDISC: 20090514 eggdrop/windr...
BID: 34985
OSVDB: 54460
SECUNIA: 35104
VUPEN: ADV-2009-1340
CONFIRM: http://bugs.debian.org...
FEDORA: FEDORA-2009-5568
FEDORA: FEDORA-2009-5572
SECUNIA: 35158
MANDRIVA: MDVSA-2009:126
DEBIAN: DSA-1826
SECUNIA: 35690
CONFIRM: http://cvs.eggheads.or...
XF: eggdrop-servmsg-dos(50...
EXPLOIT-DB: 8695