Ircd hybrid-6缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105509 漏洞类型 缓冲区溢出
发布时间 1999-08-13 更新时间 2005-05-02
CVE编号 CVE-1999-0679 CNNVD-ID CNNVD-199908-025
漏洞平台 Multiple CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/19459
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199908-025
|漏洞详情
通常用于EFnet的hybrid-6IRC存在缓冲区溢出漏洞。远程攻击者通过m_invite邀请选项可以执行命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/581/info

Ircd hybrid-6 (up to beta 58) has a vulnerability which can allow remote access to the irc server (ircd). In most cases this attack results in the attacker gaining the privileges of the user 'irc'.

This vulnerability is in the invite handling code (m_invite). In a channel with operators (ops) and modes +pi (paranoid + invite-only), a channel invitation is reported to all other operators. The buffer used to store the invitation notice can be overflown by up to 15 bytes. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19459.tgz
|参考资料

来源:www.efnet.org
链接:http://www.efnet.org/archive/servers/hybrid/ChangeLog
来源:BID
名称:581
链接:http://www.securityfocus.com/bid/581