Support / Security / Advisories / Mandriva Linux 2008.0 / MDVSA-2009:126-1

Package name: eggdrop
Date: 2009-12-08
Advisory ID: MDVSA-2009:126-1
Affected versions: 2008.0 i586 , 2008.0 x86_64

Problem description

mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and
earlier allows remote attackers to cause a denial of service (crash)
via a crafted PRIVMSG that causes an empty string to trigger a negative
string length copy. NOTE: this issue exists because of an incorrect
fix for CVE-2007-2807 (CVE-2009-1789).

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 68249102091467a9728996fae0b42d5a  2008.0/i586/eggdrop-1.6.18-3.1mdv2008.0.i586.rpm 
 04a498693e2625f4346760bade69db4f  2008.0/SRPMS/eggdrop-1.6.18-3.1mdv2008.0.src.rpm

2008.0 x86_64

 082f3dbc6bbdb3fdd345447ae629e46a  2008.0/x86_64/eggdrop-1.6.18-3.1mdv2008.0.x86_64.rpm 
 04a498693e2625f4346760bade69db4f  2008.0/SRPMS/eggdrop-1.6.18-3.1mdv2008.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1789