Signature Detail
Short Name |
CHAT:IRC:INVALID:FORMAT-STR |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
CHAT |
Keywords |
Bahamut Format String Exploit |
Release Date |
2003/07/01 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
IRC: Bahamut Format String Exploit
This signature detects an attempt to exploit the format string vulnerability in the bahamut irc daemon and other irc daemons derived from the bahamut source. When compiled with debugging enabled, bahamut is vulnerable to a format string attack that can allow remote code execution as the user running bahamut. This can also false-positive on non-English chat traffic.
Extended Description
Behamut IRCd has been reported prone to remotely exploitable format string vulnerability. The issue presents itself when Behamut is compiled with DEBUGMODE defined. Reportedly a remote attacker may send malicious format specifiers to trigger an error. By passing specially crafted format specifiers through the IRC session, a remote attacker could potentially corrupt process memory and may have the ability to execute arbitrary code with the privileges of the affected daemon. It should be noted that IRC daemons that are derived from the Behamut source have also been reported vulnerable.
Affected Products
- andromede.net AndromedeIRCd 1.2.3 -Release
- DALnet Bahamut IRCd 1.4.35
- digatech digatech IRCd 1.2.1
- ircd-RU! 1.0.6 -01-stable
- ircd-RU! 1.0.6 -02-stable
- ircd-RU! 1.0.6 -03-stable
- ircd-RU! 1.0.6 -release
- methane methane IRCd 0.1.1
References
- BugTraq: 8038
- CVE: CVE-2003-0478
- URL: http://www.securityfocus.com/archive/1/326917