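Vulnerability Details
Dalnet IRC Server "SUMMON" Buffer Overflow Vulnerability
Summary
Dalnet IRC server version 4.6.5 contains a buffer overflow vulnerability. A remote attacker can use the SUMMON command to cause a denial of service or execute arbitrary commands.
Advisory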
Matt Conover provided this patch: Apply the following patch to s_bsd.c: --- s_bsd.old.c Mon Nov 1 17:34:19 1999 +++ s_bsd.c Mon Nov 1 17:35:39 1999 @@ -2327,7 +2327,7 @@ sendto_one(who, wrerr, who->name); return; } - (void)sprintf(line, "ircd: Channel %s, by %s@%s (%s) %s\n\r", + (void)snprintf(line, sizeof(line), "ircd: Channel %s, by %s@%s (%s) %s\n\r", chname, who->user->username, who->user->host, who->name, who->info); if (write(fd, line, strlen(line)) != strlen(line)) { Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
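Review bot: the return value of the new snprintf call is discarded with the (void) cast, so when chname, who->user->username, who->user->host, who->name and who->info together exceed sizeof(line) the message is silently truncated and the trailing "\n\r" is lost before it reaches write(). The bound itself closes the overflow, but I would keep the return value, compare it against sizeof(line), and either reject the SUMMON or re-terminate the line when it does not fit. Capping each field with a precision such as "%.Ns" in the format string would also make the per-field limits explicit instead of letting the last arguments absorb all the truncation. Separately, sizeof(line) is only the right bound if line is declared as an array in this function; the hunk does not show the declaration, so that should be confirmed before this is applied.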
References
- Source: BID, Name: 1404, Link: http://www.securityfocus.com/bid/1404
- Source: VULN-DEV, Name: 20000628 dalnet 4.6.5 remote vulnerability, Link: http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html
Affected Products
- Dalnet Ircd:4.6.5
Patch
None available