Vulnerability in Eggdrop / Windrop 1.6.19
A vulnerability has been found in the Eggdrop and Windrop bots, prompting a new release.
The vulnerability is present in the latest version of both bots, 1.6.19, which was released in April 2008.
A posting on the Full Disclosure mailing list goes into more detail, describing how one can at least crash vulnerable bots:
One possible exploit anyone can send to the IRC server to crash eggdrop:
PRIVMSG eggdrop :\1\1
The only resolution at this time is upgrading old bots with the provided fix.
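For operators who want to see whether such a message has reached their bots, the following log check is an added example, not code from the Eggdrop project or from the Full Disclosure posting. It assumes that the "\1" in the quoted line denotes the CTCP delimiter byte 0x01 and that raw IRC lines are available as text; the function names and the sample lines are constructed for illustration.

```python
import re

CTCP_DELIM = "\x01"  # assumption: "\1" in the quoted posting is byte 0x01

# Minimal raw IRC line shape: [:prefix] COMMAND target :trailing
LINE_RE = re.compile(
    r"^(?::(?P<prefix>\S+) )?(?P<cmd>[A-Za-z]+) (?P<target>\S+) :(?P<text>.*)$"
)

def ctcp_frames(text):
    """Return the payloads found between opening and closing 0x01 delimiters."""
    parts = text.split(CTCP_DELIM)
    # Odd-indexed parts sit between a delimiter pair; an unterminated
    # trailing frame (no closing delimiter) is ignored.
    return [parts[i] for i in range(1, len(parts) - 1, 2)]

def is_empty_ctcp(line):
    """True if a PRIVMSG/NOTICE line carries a CTCP frame with no payload."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    # NOTICE is included because CTCP replies travel in NOTICE messages.
    if not m or m.group("cmd").upper() not in ("PRIVMSG", "NOTICE"):
        return False
    return any(frame == "" for frame in ctcp_frames(m.group("text")))

def scan(lines):
    """Return (line_number, sender_prefix) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if is_empty_ctcp(line):
            prefix = LINE_RE.match(line.rstrip("\r\n")).group("prefix")
            hits.append((number, prefix))
    return hits

# Constructed sample traffic, not taken from a real network.
SAMPLE = [
    ":alice!a@host.example PRIVMSG eggdrop :\x01VERSION\x01",
    ":mallory!m@host.example PRIVMSG eggdrop :\x01\x01",
    ":bob!b@host.example PRIVMSG #chan :hello there",
    ":carol!c@host.example PRIVMSG #chan :\x01ACTION waves\x01",
    "PING :irc.example",
]

if __name__ == "__main__":
    for number, prefix in scan(SAMPLE):
        print(f"line {number}: empty CTCP frame from {prefix}")
```

A hit in the logs only shows that such a message was received; upgrading remains the fix.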
May 20th, 2009 at 4:21 pm
Those spreading CTCP parser bugs in multiple projects are starting to get shameful, I find (I also heard of Linkinus having issues, although not crashing).