IrcII DCC Chat Buffer Overflow Vulnerability

IrcII is a well-known Internet Relay Chat (IRC) client for unix. Version 4.4-7 and possibly previous versions are known to be vulnerable to a buffer overflow condition in their direct client-to-client (DCC) chat implementation. It may be possible to execute arbitrary code on a client attempting to initiate a dcc chat. Exploitation this vulnerability could result in a remote compromise with the privileges of the user running the ircII client.

This vulnerability was present in the "port" made available with FreeBSD. It is not installed by default.


 

Privacy Statement
Copyright 2010, SecurityFocus