Bug 303311 (CVE-2007-4584)

Summary: CVE-2007-4584 Buffer overflow in IrcII by long MODE from server
Product: [Other] Security Response Reporter: Lubomir Kundrak <lkundrak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: vcrhonek
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4584
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-09-24 15:47:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lubomir Kundrak 2007-09-24 15:23:32 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4584 to the following vulnerability:

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.

References:

http://www.milw0rm.com/exploits/4321
http://www.securityfocus.com/bid/25462
http://www.frsirt.com/english/advisories/2007/2994
http://secunia.com/advisories/26578
http://xforce.iss.net/xforce/xfdb/36306
Comment 1 Lubomir Kundrak 2007-09-24 15:47:40 UTC 
This flaw does not affect version of IrcII as shipped in ircii package with Red
Hat Enterprise Linux version 2.1.