www.IRC-Junkie.org - IRC News

A vulnerability in the Eggdrop and Windrop bot has been found which prompts a new release.

The vulnerabilitiy is present in both latest versions of the bot software 1.6.19 which has been released back in April 2008.

A posting on the Full Disclosure mailinglist goes into more detail, describing how one can at least crash vulnerable bots:

One possible exploit anyone can send to the IRC server to crash eggdrop:

PRIVMSG eggdrop :\1\1

The only resolution at this time is upgrading old bots with the provided fix.

Related posts

• Update on the Development of Eggdrop (0)
• UnrealIRCd updates their IRCd to 3.2.8.1 (0)
• Quassel IRC CTCP Command Injection Vulnerability (0)
• phpDenora fixes XSS vulnerability (0)
• Nettalk fixes crash bug and releases 6.6.4 (0)

Tags: Eggdrop, Hack, IRC, Software

This entry was posted on Friday, May 15th, 2009 at 5:56 pm and is filed under Hack, IRC, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.