MDVSA-2009:126
- Package name
- eggdrop
- Date
- 2009-06-01
- Advisory ID
- MDVSA-2009:126
- Affected versions
- 2009.0 x86_64 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , CS3.0 x86_64 , CS3.0 i586 , 2008.1 x86_64 , 2009.1 x86_64
Problem description
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and
earlier allows remote attackers to cause a denial of service (crash)
via a crafted PRIVMSG that causes an empty string to trigger a negative
string length copy. NOTE: this issue exists because of an incorrect
fix for CVE-2007-2807 (CVE-2009-1789).
Updated packages
2009.0 x86_64
cd9215461dee9c0f628531a75595f9fd 2009.0/x86_64/eggdrop-1.6.19-2.1mdv2009.0.x86_64.rpm d1cca08f9930bbfe6c54c0433495105d 2009.0/SRPMS/eggdrop-1.6.19-2.1mdv2009.0.src.rpm
2009.1 i586
6a46846372e2a1df2261dcc1f03192d1 2009.1/i586/eggdrop-1.6.19-3.1mdv2009.1.i586.rpm c9692b23909736c4ab591366f0e9866f 2009.1/SRPMS/eggdrop-1.6.19-3.1mdv2009.1.src.rpm
2009.0 i586
779c10d0cb61fab2777d7faa7648b22e 2009.0/i586/eggdrop-1.6.19-2.1mdv2009.0.i586.rpm d1cca08f9930bbfe6c54c0433495105d 2009.0/SRPMS/eggdrop-1.6.19-2.1mdv2009.0.src.rpm
2008.1 i586
cc805ed693bd02aa5d20b1a7743231a3 2008.1/i586/eggdrop-1.6.18-5.1mdv2008.1.i586.rpm 82ed73d46c5f43cce66ab1ca822a3de6 2008.1/SRPMS/eggdrop-1.6.18-5.1mdv2008.1.src.rpm
CS3.0 x86_64
ba29bd8f14eaadeab7727ee7aea14b86 corporate/3.0/x86_64/eggdrop-1.6.15-3.2.C30mdk.x86_64.rpm 0c717fd83e2ed782bfbd1ec16b11250c corporate/3.0/SRPMS/eggdrop-1.6.15-3.2.C30mdk.src.rpm
CS3.0 i586
64d17abb0b6eb47c8d79675b88462e59 corporate/3.0/i586/eggdrop-1.6.15-3.2.C30mdk.i586.rpm 0c717fd83e2ed782bfbd1ec16b11250c corporate/3.0/SRPMS/eggdrop-1.6.15-3.2.C30mdk.src.rpm
2008.1 x86_64
e0bc2b8e6bf113e3fd1ca90478c46b91 2008.1/x86_64/eggdrop-1.6.18-5.1mdv2008.1.x86_64.rpm 82ed73d46c5f43cce66ab1ca822a3de6 2008.1/SRPMS/eggdrop-1.6.18-5.1mdv2008.1.src.rpm
2009.1 x86_64
0d62d2fd40a927b7a4bd39bb5a84a718 2009.1/x86_64/eggdrop-1.6.19-3.1mdv2009.1.x86_64.rpm c9692b23909736c4ab591366f0e9866f 2009.1/SRPMS/eggdrop-1.6.19-3.1mdv2009.1.src.rpm