IRC: Bahamut Format String Exploit
This signature detects an attempt to exploit the format string vulnerability in the bahamut irc daemon and other irc daemons derived from the bahamut source. When compiled with debugging enabled, bahamut is vulnerable to a format string attack that can allow remote code execution as the user running bahamut. This can also false-positive on non-English chat traffic.
Extended Description
Behamut IRCd has been reported prone to remotely exploitable format string vulnerability. The issue presents itself when Behamut is compiled with DEBUGMODE defined. Reportedly a remote attacker may send malicious format specifiers to trigger an error. By passing specially crafted format specifiers through the IRC session, a remote attacker could potentially corrupt process memory and may have the ability to execute arbitrary code with the privileges of the affected daemon. It should be noted that IRC daemons that are derived from the Behamut source have also been reported vulnerable.
Affected Products
Andromede.net andromedeircd
Short Name
CHAT:IRC:INVALID:FORMAT-STR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
CHAT
Keywords
Bahamut CVE-2003-0478 Exploit Format String bid:8038
Release Date
07/02/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Digatech
Dalnet
Ircd-ru!
Andromede.net
Methane
CVSS Score
10.0