IRC-Junkie.org – IRC News

A vulnerability in the Eggdrop and Windrop bot has been found which prompts a new release.

The vulnerabilitiy is present in both latest versions of the bot software 1.6.19 which has been released back in April 2008.

A posting on the Full Disclosure mailinglist goes into more detail, describing how one can at least crash vulnerable bots:

One possible exploit anyone can send to the IRC server to crash eggdrop:

PRIVMSG eggdrop :\1\1

The only resolution at this time is upgrading old bots with the provided fix.

A vulnerability in the Eggdrop and Windrop bot has been found which prompts a new release. The vulnerabilitiy is present in both latest versions of the bot software 1.6.19 which has been released back in April 2008. A posting on the Full Disclosure mailinglist goes into more detail, describing how one can at least crash vulnerable ...

Related posts:

1. KVIrc 3.4.2 URI handler in combination with IE exploitable [Updated] Not even a month ago, it was KVIrc 3.4.0 in...
2. KVIrc 3.4.0 irc:// URI handler format string vulnerability – reloaded No, not only mIRC has bugs ;) For the second...
3. Quassel IRC CTCP Command Injection Vulnerability Another day, another IRC client vulnerability... Researchers have found a...
4. phpDenora fixes XSS vulnerability After getting notified about a Cross-site scripting vulnerability in phpDenora...
5. mIRC Local DCC Issue: Exploit, Vulnerability or Neither? mIRC has seen issues with DCC exploits in the past....

Tags: Eggdrop, Hack, IRC, Software

This entry was posted on Friday, May 15th, 2009 at 5:56 pm and is filed under Hack, IRC, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.