Dalnet IRC Server “SUMMON”缓冲区溢出漏洞

漏洞信息详情

Dalnet IRC Server “SUMMON”缓冲区溢出漏洞

• CNNVD编号：CNNVD-200006-112
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2000-0586
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2000-06-29
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  dalnet
• 漏洞来源：
  First reported in …

Dalnet IRC server 4.6.5版本存在缓冲区溢出漏洞。远程攻击者借助SUMMON命令导致拒绝服务或执行任意命令。

Matt Conover provided this patch:
Apply the patch to following to s_bsd.c:
— s_bsd.old.c Mon Nov 1 17:34:19 1999
+++ s_bsd.c Mon Nov 1 17:35:39 1999
@@ -2327,7 +2327,7 @@
sendto_one(who, wrerr, who->name);
return;
}
– (void)sprintf(line, “ircd: Channel %s, by %s@%s (%s) %s\n\r”,
+ (void)snprintf(line, sizeof(line), “ircd: Channel %s, by %s@%s (%s) %s\n\r”,
chname, who->user->username, who->user->host, who->name, who->info);
if (write(fd, line, strlen(line)) != strlen(line))
{
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
@cannabis.dataforce.net>

来源: BID
名称: 1404
链接:http://www.securityfocus.com/bid/1404

来源: VULN-DEV
名称: 20000628 dalnet 4.6.5 remote vulnerability
链接:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html