muh IRC Log Format String Vulnerability

muh acts as a proxy between an irc client and server. To the irc server, the muh session appears as the irc client, and to the irc client, the muh session appears as an irc server.

One of muh's features is to log client messages if the client is disconnected.

Version 2.05 (and possibly earlier versions) are vulnerable to a format string bug which can be used to make muh crash if logged messages are replayed by the client. It is possible that this bug can also be exploited to execute arbitrary code with the privileges of the user running muh.


 

Privacy Statement
Copyright 2010, SecurityFocus