Dalnet IRC Server "SUMMON" Buffer Overflow Vulnerability
Solution: Matt Conover <shok@cannabis.dataforce.net> provided this patch. Apply the following patch to s_bsd.c:

--- s_bsd.old.c Mon Nov 1 17:34:19 1999 +++ s_bsd.c Mon Nov 1 17:35:39 1999 @@ -2327,7 +2327,7 @@ sendto_one(who, wrerr, who->name); return; } - (void)sprintf(line, "ircd: Channel %s, by %s@%s (%s) %s\n\r", + (void)snprintf(line, sizeof(line), "ircd: Channel %s, by %s@%s (%s) %s\n\r", chname, who->user->username, who->user->host, who->name, who->info); if (write(fd, line, strlen(line)) != strlen(line)) {

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
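
Review bot: In the added snprintf line of the s_bsd.c hunk, sizeof(line) is the correct bound only if line is declared as an array in this function. The declaration is outside the hunk, and if line is a pointer the bound becomes the size of the pointer, so please confirm the declaration. The (void) cast also discards the return value of snprintf, so an over-long chname or who->info is now truncated silently and the write() in the unchanged context sends the shortened line without its trailing "\n\r". Consider storing the return value, comparing it against sizeof(line), and either rejecting the request or terminating the line explicitly before calling write().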