T0p
11.02.2007, 22:17
наткнулся на уязвимось ее описания не было на форуме, потому выложу
ЧАТ
CGI:IRC client.c Buffer Overflow Vulnerability
=============================
Release Date: 2006-05-02
Last Update: 2006-05-04
Description:
A vulnerability has been reported in CGI:IRC, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused due to an error in client.c within the handling of the received cookie value. This can be exploited to cause a buffer overflow and may allow arbitrary code execution.
The vulnerability has been reported in version 0.5.7. Prior versions may also be affected.
Solution:
Update to version 0.5.8.
===========================
Вот код патчей
http://cvs.cgiirc.org/chngview?cn=283
http://cvs.cgiirc.org/chngview?cn=263
Я еще поразбираюсь...,, но может у кго-то есть уже готовый exploit.
ЧАТ
CGI:IRC client.c Buffer Overflow Vulnerability
=============================
Release Date: 2006-05-02
Last Update: 2006-05-04
Description:
A vulnerability has been reported in CGI:IRC, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused due to an error in client.c within the handling of the received cookie value. This can be exploited to cause a buffer overflow and may allow arbitrary code execution.
The vulnerability has been reported in version 0.5.7. Prior versions may also be affected.
Solution:
Update to version 0.5.8.
===========================
Вот код патчей
http://cvs.cgiirc.org/chngview?cn=283
http://cvs.cgiirc.org/chngview?cn=263
Я еще поразбираюсь...,, но может у кго-то есть уже готовый exploit.