绿盟科技NSFOCUS安全漏洞系统

安全研究

安全漏洞

Eggdrop服务器模块消息处理远程栈溢出漏洞

发布日期：2007-05-21
更新日期：2007-05-22

受影响系统：

Eggheads Eggdrop IRC bot 1.6.18

描述：

BUGTRAQ  ID: 24070
CVE(CAN) ID: CVE-2007-2807

Eggdrop是一款用C语言编写的开源IRC bot。

Eggdrop的服务器模块（/mod/server.mod/servrmsg.c）在处理IRC服务器所发送的私人消息时存在栈溢出漏洞，如果用户受骗连接到了恶意的IRC服务器并接收了向bot所回复的特制私人消息的话，就可能触发这个溢出，导致执行任意指令。

<*来源：Bow Sineath （bow.sineath@gmail.com）

  链接：http://secunia.com/advisories/25276/
        http://www.eggheads.org/bugzilla/long_list.cgi?buglist=462
        http://www.debian.org/security/2008/dsa-1448
*>

测试方法：

警告

以下程序(方法)可能带有攻击性，仅供安全研究与教学之用。使用者风险自负！

:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAABBBB PRIVMSG Lamestbot :test

建议：

厂商补丁：

Debian
------
Debian已经为此发布了一个安全公告（DSA-1448-1）以及相应补丁:
DSA-1448-1：New eggdrop packages fix execution of arbitrary code
链接：http://www.debian.org/security/2008/dsa-1448

补丁下载：
Source archives:

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1.diff.gz
Size/MD5 checksum:    36928 cfaa50371d39bd8e2994e37fecc6ff86
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17.orig.tar.gz
Size/MD5 checksum:  1030413 a0f9befca240072e45cd57908bb819d0
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1.dsc
Size/MD5 checksum:      651 b3522add4d8a7d6ca05072fa2e733509

Architecture independent packages:

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.17-3sarge1_all.deb
Size/MD5 checksum:   410510 bb84e646defd5d2f29eef07a4bcddc35

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_alpha.deb
Size/MD5 checksum:   602006 bd5130ad50ff7a265a1a52bccf41ee4e

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_amd64.deb
Size/MD5 checksum:   535646 67bf2ced5e6c6b7fd36a4f31e0dd563f

arm architecture (ARM)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_arm.deb
Size/MD5 checksum:   494010 03361c7e85a481bf32991fab01ebc544

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_hppa.deb
Size/MD5 checksum:   594058 a7b7fedc13f8fff6812d02878c8ef871

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_i386.deb
Size/MD5 checksum:   470438 f3a8dde2d859cbd72cfa8a50ef7c500d

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_ia64.deb
Size/MD5 checksum:   733390 f5e186d15eb55594c203fc76f03fc6b4

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_m68k.deb
Size/MD5 checksum:   439430 876fa0049e3eae163c88f4fc21ef3991

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_mips.deb
Size/MD5 checksum:   514084 8a2c0716911a4f14a79525f4bda97558

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_mipsel.deb
Size/MD5 checksum:   516766 f9d2046d98a283c253b6bd0890e19a76

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_powerpc.deb
Size/MD5 checksum:   516616 5e26e11c8cc8248ab55abb047469268d

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_s390.deb
Size/MD5 checksum:   524026 e1a9c4e11d1ef39a5e9c95fa13b82d36

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_sparc.deb
Size/MD5 checksum:   496820 f6226930abbc54b1c9f6f12ca16b0c4b

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18.orig.tar.gz
Size/MD5 checksum:  1025608 c2734a51926bdf0380d8bb53f5a7b2ee
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1.dsc
Size/MD5 checksum:      642 51a806bb57b49ad48aaf33de7ee68a22
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1.diff.gz
Size/MD5 checksum:     7735 1a4235a0c37b8ceda4f9a6c7d959caac

Architecture independent packages:

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.18-1etch1_all.deb
Size/MD5 checksum:   412462 68732ebe9e8a2acc3c0f6d014c40117d

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_alpha.deb
Size/MD5 checksum:   596918 34ee4259e293b79c6e070b0d6c674227

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_amd64.deb
Size/MD5 checksum:   537278 1f50307bb1f23c45a66b2727b7f1def8

arm architecture (ARM)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_arm.deb
Size/MD5 checksum:   498644 9df0fb22c80946159524c92b57427ffe

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_hppa.deb
Size/MD5 checksum:   599774 1e37281849d63b4094cca6f80231f1df

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_i386.deb
Size/MD5 checksum:   476308 cd53f77bd94f508fe22891368c7733a5

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_ia64.deb
Size/MD5 checksum:   755256 3d0786df79f2a112a8ddf2c13b1a25b0

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_mips.deb
Size/MD5 checksum:   534334 992714b10e468def8d919d374f99b1f1

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_mipsel.deb
Size/MD5 checksum:   537058 d5a5471f4e5dd41638886c5747820a4f

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_powerpc.deb
Size/MD5 checksum:   522180 9aed03927df0bfd92ce68f1832881cbc

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_s390.deb
Size/MD5 checksum:   529796 224f6400c4c880fc6534e63ace1d1979

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_sparc.deb
Size/MD5 checksum:   491240 4c0efbfedc4604ae67edaf8eae2f3229

补丁安装方法：

1. 手工安装补丁包：

  首先，使用下面的命令来下载补丁软件：
  # wget url  (url是补丁下载链接地址)

  然后，使用下面的命令来安装补丁：
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包：

   首先，使用下面的命令更新内部数据库：
   # apt-get update

   然后，使用下面的命令安装更新软件包：
   # apt-get upgrade

Eggheads
--------
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：

http://www.eggheads.org/

浏览次数：3146
严重程度：0（网友投票）

关于我们: 公司介绍; 公司荣誉; 公司新闻

联系我们: 公司总部; 分支机构; 海外机构

快速链接: 绿盟云; 绿盟威胁情报中心NTI; 技术博客