CVE-2007-3360

Name of the Vulnerable Software and Affected Versions BitchX version 1.1-final

Description The issue allows remote IRC servers to execute arbitrary commands by sending specific data containing NICK and EXEC strings. This data exceeds the bounds of a hash table and injects an EXEC hook function that receives and executes shell commands.

Recommendations For BitchX version 1.1-final, consider disabling the EXEC hook function as a temporary workaround until a patch is available. Restrict access to the hash table to minimize the risk of exploitation. Avoid using the NICK and EXEC strings in the affected IRC protocol implementation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.