hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bitchx | Bitchx | 1.1-final (including) | 1.1-final (including) |
| Ircii-pana | Ubuntu | dapper | * |
| Ircii-pana | Ubuntu | devel | * |
| Ircii-pana | Ubuntu | edgy | * |
| Ircii-pana | Ubuntu | feisty | * |
References
- http://osvdb.org/37479
- http://secunia.com/advisories/25759
- http://secunia.com/advisories/34870
- http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.285737
- http://www.securityfocus.com/bid/24579
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34969
- https://www.exploit-db.com/exploits/4087
- http://osvdb.org/37479
- http://secunia.com/advisories/25759
- http://secunia.com/advisories/34870
- http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.285737
- http://www.securityfocus.com/bid/24579
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34969
- https://www.exploit-db.com/exploits/4087