PT-2007-2894 · Rhapsody · Rhapsody Irc

Starcadi · Published 2007-03-19 · Updated 2018-10-16 · CVE-2007-1503

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Rhapsody IRC version 0.28b

Description

The issue involves multiple format string vulnerabilities in the comm.c file. They allow remote attackers to execute arbitrary code by supplying format string specifiers to the create_ctcp_message function. The attack vectors include the me and ctcp commands, and possibly the whois, mode, and topic commands, with the malicious input provided as the message argument.

Recommendations

For Rhapsody IRC version 0.28b, consider disabling the create_ctcp_message function or restricting the use of the me and ctcp commands until a patch is available. Additionally, limiting the input to the whois, mode, and topic commands may help minimize the risk of exploitation.
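
The bug class described above, shown as an added example that is not Rhapsody's code: a variadic message builder receives user text in the format position, next to the corrected call that passes it only as data. The names build_ctcp, action_unsafe, action_safe and preserved are hypothetical, and the input is constructed so that the unsafe call stays well-defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a variadic message builder; NOT Rhapsody's code.
 * Formats the body, then wraps it in CTCP \001 delimiters. */
static int build_ctcp(char *out, size_t n, const char *fmt, ...)
{
    char body[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(body, sizeof body, fmt, ap);   /* fmt is interpreted here */
    va_end(ap);
    return snprintf(out, n, "\001ACTION %s\001", body);
}

/* Vulnerable pattern: user text is passed in the format position. */
int action_unsafe(char *out, size_t n, const char *user_msg)
{
    return build_ctcp(out, n, user_msg);
}

/* Hardened pattern: constant format, user text passed only as data. */
int action_safe(char *out, size_t n, const char *user_msg)
{
    return build_ctcp(out, n, "%s", user_msg);
}

/* Returns 1 if the text between the CTCP delimiters equals the input. */
int preserved(const char *wire, const char *user_msg)
{
    size_t len = strlen(user_msg);
    return strncmp(wire, "\001ACTION ", 8) == 0 &&
           strncmp(wire + 8, user_msg, len) == 0 &&
           strcmp(wire + 8 + len, "\001") == 0;
}

int main(void)
{
    /* Constructed input: "%%" consumes no argument, so the unsafe call is
     * well-defined here yet still shows the input being interpreted. */
    const char *msg = "is 100%% sure";
    char a[300], b[300];
    action_unsafe(a, sizeof a, msg);
    action_safe(b, sizeof b, msg);
    printf("unsafe=%d safe=%d\n", preserved(a, msg), preserved(b, msg));
    return 0;
}
```

Declaring such a builder with GCC/Clang's `__attribute__((format(printf, 3, 4)))` and compiling with `-Wformat-security` makes the compiler flag calls like the one in action_unsafe.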

Related Identifiers

CVE-2007-1503

Affected Products

Rhapsody Irc