Vulnerability in Eggdrop / Windrop 1.6.19

Hello there! If you are new here, you might want to subscribe to the RSS feed for more & updated news about the world of IRC.

You're also welcome to follow us on Twitter or join our Facebook Fanpage.

If you liked this post, please show your support by clicking on our flattr button - thank you! :)

A vulnerability in the Eggdrop and Windrop bot has been found which prompts a new release.

The vulnerabilitiy is present in both latest versions of the bot software 1.6.19 which has been released back in April 2008.

A posting on the Full Disclosure mailinglist goes into more detail, describing how one can at least crash vulnerable bots:

One possible exploit anyone can send to the IRC server to crash eggdrop:

PRIVMSG eggdrop :\1\1

The only resolution at this time is upgrading old bots with the provided fix.

mIRC Local DCC Issue: Exploit, Vulnerability or Neither? mIRC has seen issues with DCC exploits in the past....
Quassel IRC CTCP Command Injection Vulnerability Another day, another IRC client vulnerability... Res [...]...
phpDenora fixes XSS vulnerability After getting notified about a Cross-site scripting vul [...]...
KVIrc 3.4.0 irc:// URI handler format string vulnerability – reloaded No, not only mIRC has bugs ;) For the second...
BNC 2.8.9 remote buffer overflow The well known bouncer BNC contains a remote buffer ove...

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/digg_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/reddit_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/dzone_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/stumbleupon_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/delicious_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/blinklist_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/blogmarks_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/newsvine_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/technorati_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/google_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/myspace_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/facebook_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/yahoobuzz_48.png

http://cdn.irc-junkie.org/wp-content/plugins/sociofluid/images/twitter_48.png

Tags: Eggdrop, Hack, IRC, Software

This entry was posted on Friday, May 15th, 2009 at 5:56 pm and is filed under Hack, IRC, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Vulnerability in Eggdrop / Windrop 1.6.19”

Elmaron Says:
May 20th, 2009 at 4:21 pm Quote
Those spreading CTCP parser bugs in multiple projects start to get ashaming I find (I also heard of Linkinus having issues, although not crashing).

IRC-Junkie.org – IRC News

Vulnerability in Eggdrop / Windrop 1.6.19

One Response to “Vulnerability in Eggdrop / Windrop 1.6.19”

Leave a Reply