FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ngircd -- format string vulnerability

Affected packages
ngircd < 0.8.3

Details

VuXML ID bc4a7efa-7d9a-11d9-a9e7-0001020eed82
Discovery 2005-02-03
Entry 2005-02-13

A No System Group security advisory reports that ngircd is vulnerable to a format string vulnerability in the Log_Resolver() function of log.c, if IDENT support is enabled. This could allow a remote attacker to execute arbitrary code with the permissions of the ngircd daemon, which is root by default.

Note: By default the FreeBSD ngircd port does not enable IDENT support.

References

Bugtraq ID 12434
CVE Name CVE-2005-0226
Message 20050203020909.21785.qmail@www.securityfocus.com

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.