Title: irc2 SERVER Command Argument Buffer Overflow Vulnerability
Severity: HIGH
Description:
irc2 is an internet relay chat server implementation, used by many irc servers around the globe.
A one byte buffer overflow condition has been reported for multiple irc daemons derived from the irc2 distribution.
The vulnerability is due to a lack of sufficient bounds checking on user supplied arguments to the server side 'SERVER' command.
An attacker may, depending on the compiler and optimization settings used to create the binary, exploit this condition to manipulate stack based memory resulting in a denial of service condition or execution of attacker supplied arbitrary code.
Arbitrary code would be executed in the security context of the ircd process.
Affected Products:
- DALnet Bahamut IRCd 4.4.10
- DALnet Bahamut IRCd 4.4.5
- irc2 irc2 2.8.21
References:
- Andy Church <achurch@dragonfire.net>: ircd buffer overflow
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
