Vulnerability in Eggdrop / Windrop 1.6.19

A vulnerability has been found in the Eggdrop and Windrop bots, which prompts a new release.

The vulnerability is present in the latest version of both bots, 1.6.19, which was released back in April 2008.

A posting on the Full Disclosure mailing list goes into more detail, describing how one can at least crash vulnerable bots:

One possible exploit anyone can send to the IRC server to crash eggdrop:

PRIVMSG eggdrop :\1\1

The only resolution at this time is upgrading old bots with the provided fix.
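
The message quoted above carries an empty CTCP request: two \1 delimiter bytes with nothing between them. As an added example (not Eggdrop's code and not the fix shipped in the release; the function name, result codes and buffer size are assumptions made here), a CTCP extractor in C that handles the zero-length payload as an explicit case before any length arithmetic or copy:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CTCP_DELIM '\001'

/* Hypothetical result codes for this example. */
enum ctcp_result {
    CTCP_NONE = 0,          /* plain text, no CTCP delimiter present      */
    CTCP_OK = 1,            /* payload copied to out, NUL-terminated      */
    CTCP_EMPTY = -1,        /* "\1\1": delimiters with nothing in between */
    CTCP_UNTERMINATED = -2, /* opening delimiter without a closing one    */
    CTCP_TOO_LONG = -3      /* payload does not fit in the output buffer  */
};

/* Extract the first CTCP payload from the trailing text of a PRIVMSG. */
enum ctcp_result ctcp_extract(const char *text, char *out, size_t outsz)
{
    const char *start, *end;
    size_t len;

    if (outsz == 0)
        return CTCP_TOO_LONG;
    out[0] = '\0';
    start = strchr(text, CTCP_DELIM);
    if (start == NULL)
        return CTCP_NONE;
    start++;                          /* first byte after the delimiter */
    end = strchr(start, CTCP_DELIM);
    if (end == NULL)
        return CTCP_UNTERMINATED;
    len = (size_t)(end - start);
    if (len == 0)                     /* reject before any len - 1 style math */
        return CTCP_EMPTY;
    if (len >= outsz)                 /* keep room for the terminating NUL */
        return CTCP_TOO_LONG;
    memcpy(out, start, len);
    out[len] = '\0';
    return CTCP_OK;
}

int main(void)
{
    /* Constructed sample inputs: the text after "PRIVMSG <nick> :". */
    const char *samples[] = { "hello", "\001VERSION\001", "\001\001", "\001PING 123" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> %d [%s]\n", i, (int)ctcp_extract(samples[i], buf, sizeof buf), buf);
    return 0;
}
```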

One Response to “Vulnerability in Eggdrop / Windrop 1.6.19”

  1. Elmaron Says:

    Those spreading CTCP parser bugs in multiple projects start to get ashaming I find (I also heard of Linkinus having issues, although not crashing).