ngIRCd Remote Format String Vulnerability

ngIRCd is reported prone to a remote format string vulnerability. This issue presents itself because the application fails to properly sanitize user-supplied input prior to passing it as the format specifier to a formatted printing function.

A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution. Any code execution would take place with superuser privileges.

ngIRCd 0.8.2 and prior versions are reported vulnerable to this issue.


Privacy Statement
Copyright 2010, SecurityFocus