CVE-2009-1789
Published: 2009-05-26
CVE-2009-1789: mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG…
Priority: P426, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 8.49% (94.3th percentile)
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | eggdrop | < eggdrop 1.6.19-1.2 (bookworm) | eggdrop 1.6.19-1.2 (bookworm) |
| eggheads | eggdrop | — | — |
| eggheads | eggdrop | >= 0 < 1.6.19-1.2 | 1.6.19-1.2 |
| eggheads | eggdrop_irc_bot | <= 1.6.19 | — |
CVSS provenance
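| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |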
Red Hat
eggdrop DoS (crash)
vendor_redhat·2009-05-26·CVSS 6.8
CVE-2009-1789 [MEDIUM] eggdrop DoS (crash)
Debian
CVE-2009-1789: eggdrop - mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allo...
vendor_debian·2009·CVSS 6.8
CVE-2009-1789 [MEDIUM] CVE-2009-1789: eggdrop - mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allo...
Scope: local
bookworm: resolved (fixed in 1.6.19-1.2)
bullseye: resolved (fixed in 1.6.19-1.2)
forky: resolved (fixed in 1.6.19-1.2)
sid: resolved (fixed in 1.6.19-1.2)
trixie: resolved (fixed in 1.6.19-1.2)
GHSA
GHSA-v2pc-r45v-vq4h: mod/server
ghsa_unreviewed·2022-05-02·CVSS 6.8
CVE-2009-1789 [MEDIUM] GHSA-v2pc-r45v-vq4h: mod/server
OSV
CVE-2009-1789: mod/server
osv·2009-05-26·CVSS 6.8
CVE-2009-1789 [MEDIUM] CVE-2009-1789: mod/server
No detection rules found.
Bugzilla
CVE-2009-1789 eggdrop DoS (crash) [F9]
bugzilla·2009-05-26·CVSS 4.3
CVE-2009-1789 [MEDIUM] CVE-2009-1789 eggdrop DoS (crash) [F9]
F9 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%209&bugs=502653,
---
Package: eggdrop-1.6.19-4.fc9 Tag: dist-f9-updates-candidate Status: complete
http://koji.fedoraproject.org/koji/buildinfo?buildID=103697
---
eggdrop-1.6.19-4.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/eggdrop-1.6.19-4.fc9
---
eggdrop-1.6.19-4.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2009-1789 eggdrop DoS (crash)
bugzilla·2009-05-26·CVSS 6.8
CVE-2009-1789 [MEDIUM] CVE-2009-1789 eggdrop DoS (crash)
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and
earlier allows remote attackers to cause a denial of service (crash)
via a crafted PRIVMSG that causes an empty string to trigger a
negative string length copy. NOTE: this issue exists because of an
incorrect fix for CVE-2007-2807.
http://secunia.com/advisories/35104
Discussion:
Created eggdrop tracking bugs for this issue
CVE-2009-1789 Affects: F10 [bug #502651]
CVE-2009-1789 Affects: F8 [bug #502652]
CVE-2009-1789 Affects: F9 [bug #502653]
CVE-2009-1789 Affects: Fdevel [bug #502654]
---
The upstream fix should be here:
http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/src/mod/server.mod/servmsg.c?r1=1.100&r2=1.101
---
Package: eggdrop-1.6.19-4.fc12 Tag: dist-f12 Status: compl
Bugzilla
CVE-2009-1789 eggdrop DoS (crash) [F11]
bugzilla·2009-05-26·CVSS 4.3
CVE-2009-1789 [MEDIUM] CVE-2009-1789 eggdrop DoS (crash) [F11]
F8 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%208&bugs=502652,
---
Well, Fedora 8 reached end-of-lifetime already a longer time ago. I'll use
this bug report for Fedora 11 so far ;-)
---
Package: eggdrop-1.6.19-4.fc11 Tag: dist-f11-updates-candidate Status: complete
http://koji.fedoraproject.org/koji/buildinfo?buildID=103695
---
Waiting for https://fedorahosted.org/rel-eng/ticket/1890 before closing.
---
eggdrop-1.6.19-4.fc11 successfully moved from dist-f11-updates-candidate into di
Bugzilla
CVE-2009-1789 eggdrop DoS (crash) [F10]
bugzilla·2009-05-26·CVSS 4.3
CVE-2009-1789 [MEDIUM] CVE-2009-1789 eggdrop DoS (crash) [F10]
F10 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%2010&bugs=502651,
---
Package: eggdrop-1.6.19-4.fc10 Tag: dist-f10-updates-candidate Status: complete
http://koji.fedoraproject.org/koji/buildinfo?buildID=103696
---
eggdrop-1.6.19-4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2009-1789 eggdrop DoS (crash) [Fdevel]
bugzilla·2009-05-26·CVSS 4.3
CVE-2009-1789 [MEDIUM] CVE-2009-1789 eggdrop DoS (crash) [Fdevel]
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Package: eggdrop-1.6.19-4.fc12 Tag: dist-f12 Status: complete
http://koji.fedoraproject.org/koji/buildinfo?buildID=103694
References
http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0129.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778
http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20&view=markup
http://osvdb.org/54460
http://secunia.com/advisories/35104
http://secunia.com/advisories/35158
http://secunia.com/advisories/35690
http://www.debian.org/security/2009/dsa-1826
http://www.mandriva.com/security/advisories?name=MDVSA-2009:126
http://www.securityfocus.com/archive/1/503574
http://www.securityfocus.com/bid/34985
http://www.vupen.com/english/advisories/2009/1340
https://exchange.xforce.ibmcloud.com/vulnerabilities/50547
https://www.exploit-db.com/exploits/8695
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01333.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01337.html
Published: 2009-05-26