IrcII DCC Chat缓冲区溢出漏洞

漏洞信息详情

IrcII DCC Chat缓冲区溢出漏洞

• CNNVD编号：CNNVD-200003-020
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2000-0183
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2000-03-10
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  michael_sandrof
• 漏洞来源：
  First posted to Bu…

ircII 4.4版本IRC客户端存在缓冲区溢出漏洞。远程攻击者借助DCC聊天功能可以执行命令。

bladi suggested upgrading to IrcII version 4.4M in his post to BugTraq on March 10, 2000.
A fix was made available for the FreeBSD port of IrcII 4.4. From the advisory:
1) Upgrade your entire ports collection and rebuild the ircII port.
2) Reinstall a new package dated after the correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/ircII-4.4S.tgz
3) download a new port skeleton for the ircII port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
Michael Sandrof IrcII 4.4 -7
@euskalnet.net>

• Michael Sandrof IrcII 4.4M
  ftp://ircftp.au.eterna.com/pub/ircII/ircii-4.4M.tar.gz

来源: BID
名称: 1046
链接:http://www.securityfocus.com/bid/1046

来源: REDHAT
名称: RHSA-2000:008
链接:http://www.redhat.com/support/errata/RHSA-2000-008.html

来源: BUGTRAQ
名称: 20000310 Fwd: ircii-4.4 buffer overflow
链接:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html