Vulnerability in Eggdrop / Windrop 1.6.19

A vulnerability has been found in the Eggdrop and Windrop bots, prompting a new release.

The vulnerability is present in the latest version of both bots, 1.6.19, which was released back in April 2008.

A posting on the Full Disclosure mailing list goes into more detail, describing how one can at least crash vulnerable bots:

One possible exploit anyone can send to the IRC server to crash eggdrop:

PRIVMSG eggdrop :\1\1

The only resolution at this time is upgrading old bots with the provided fix.
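For operators who want to see the malformed frame in relayed or logged traffic, here is an added defensive example (not Eggdrop's code and not the published fix): a bounds-checked C classifier that flags an empty CTCP frame before any command dispatch. It assumes the `\1` in the posting denotes the CTCP delimiter byte 0x01; the function and enum names are hypothetical, and the page does not state the root cause inside Eggdrop.

```c
#include <string.h>

#define CTCP_DELIM '\001'   /* assumption: "\1" in the posting is byte 0x01 */
enum ctcp_kind { CTCP_NONE, CTCP_EMPTY, CTCP_UNTERMINATED, CTCP_OK };
/* Classify the first CTCP frame in text[0..len); copy its body to out on CTCP_OK. */
enum ctcp_kind ctcp_first(const char *text, size_t len, char *out, size_t outsz)
{
    if (out && outsz) out[0] = '\0';
    const char *start = text ? memchr(text, CTCP_DELIM, len) : NULL;
    if (!start) return CTCP_NONE;
    start++;                                       /* first byte after the delimiter */
    size_t rest = len - (size_t)(start - text);
    const char *end = memchr(start, CTCP_DELIM, rest);
    if (!end) return CTCP_UNTERMINATED;
    size_t body = (size_t)(end - start);
    if (body == 0) return CTCP_EMPTY;              /* the "\1\1" case: no command at all */
    if (out && outsz) {
        size_t n = body < outsz - 1 ? body : outsz - 1;   /* truncate, never overrun */
        memcpy(out, start, n);
        out[n] = '\0';
    }
    return CTCP_OK;
}

/* Classify one raw IRC line (hypothetical helper): only PRIVMSG/NOTICE carry CTCP. */
enum ctcp_kind classify_line(const char *line, char *out, size_t outsz)
{
    if (out && outsz) out[0] = '\0';
    if (!line) return CTCP_NONE;
    size_t len = strcspn(line, "\r\n");            /* ignore the line terminator */
    const char *p = line, *endl = line + len;
    if (*p == ':') {                               /* skip optional ":prefix " */
        p = memchr(p, ' ', len);
        if (!p) return CTCP_NONE;
        p++;
    }
    if (strncmp(p, "PRIVMSG ", 8) != 0 && strncmp(p, "NOTICE ", 7) != 0)
        return CTCP_NONE;
    const char *t = strstr(p, " :");               /* start of the trailing parameter */
    if (!t || t + 2 > endl) return CTCP_NONE;
    t += 2;
    return ctcp_first(t, (size_t)(endl - t), out, outsz);
}

int main(void)
{
    char cmd[32];   /* constructed sample line, modelled on the one in the posting */
    return classify_line("PRIVMSG eggdrop :\001\001\r\n", cmd, sizeof cmd) == CTCP_EMPTY ? 0 : 1;
}
```

A relay or log scanner can drop or alert on `CTCP_EMPTY` and `CTCP_UNTERMINATED` lines; this complements the upgrade and does not replace it.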


One Response to “Vulnerability in Eggdrop / Windrop 1.6.19”

  1. Elmaron Says:

    Those spreading CTCP parser bugs in multiple projects are starting to get shameful, I find (I also heard of Linkinus having issues, although not crashing).
