Форум АНТИЧАТ

Форум АНТИЧАТ (https://forum.antichat.xyz/index.php)
-   Чаты (https://forum.antichat.xyz/forumdisplay.php?f=10)
-   -   Cgi:irc <=0.5.7 переполнение буфера (https://forum.antichat.xyz/showthread.php?t=33199)

T0p 11.02.2007 22:17
Cgi:irc <=0.5.7 переполнение буфера
 
наткнулся на уязвимось ее описания не было на форуме, потому выложу

ЧАТ

CGI:IRC client.c Buffer Overflow Vulnerability
=============================
Release Date: 2006-05-02
Last Update: 2006-05-04

Description:
A vulnerability has been reported in CGI:IRC, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to an error in client.c within the handling of the received cookie value. This can be exploited to cause a buffer overflow and may allow arbitrary code execution.

The vulnerability has been reported in version 0.5.7. Prior versions may also be affected.

Solution:
Update to version 0.5.8.

===========================

Вот код патчей
http://cvs.cgiirc.org/chngview?cn=283
http://cvs.cgiirc.org/chngview?cn=263

Я еще поразбираюсь...,, но может у кго-то есть уже готовый exploit.


Время: 06:35