IrcII DCC Chat Buffer Overflow Vulnerability

IrcII DCC Chat Buffer Overflow Vulnerability

IrcII is a well-known Internet Relay Chat (IRC) client for unix. Version 4.4-7 and possibly previous versions are known to be vulnerable to a buffer overflow condition in their direct client-to-client (DCC) chat implementation. It may be possible to execute arbitrary code on a client attempting to initiate a dcc chat. Exploitation this vulnerability could result in a remote compromise with the privileges of the user running the ircII client.

This vulnerability was present in the "port" made available with FreeBSD. It is not installed by default.