漏洞信息详情

Dalnet IRC Server "SUMMON"缓冲区溢出漏洞

漏洞简介

Dalnet IRC server 4.6.5版本存在缓冲区溢出漏洞。远程攻击者借助SUMMON命令导致拒绝服务或执行任意命令。

漏洞公告

Matt Conover provided this patch: Apply the patch to following to s_bsd.c: --- s_bsd.old.c Mon Nov 1 17:34:19 1999 +++ s_bsd.c Mon Nov 1 17:35:39 1999 @@ -2327,7 +2327,7 @@ sendto_one(who, wrerr, who->name); return; } - (void)sprintf(line, "ircd: Channel %s, by %s@%s (%s) %s\n\r", + (void)snprintf(line, sizeof(line), "ircd: Channel %s, by %s@%s (%s) %s\n\r", chname, who->user->username, who->user->host, who->name, who->info); if (write(fd, line, strlen(line)) != strlen(line)) { Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

参考网址

来源: BID 名称: 1404 链接:http://www.securityfocus.com/bid/1404 来源: VULN-DEV 名称: 20000628 dalnet 4.6.5 remote vulnerability 链接:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html

受影响实体

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多