Vulnerability Details : CVE-2007-2807
Public exploit exists!
Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.
Vulnerability category: OverflowExecute code
Products affected by CVE-2007-2807
- cpe:2.3:a:eggheads:eggdrop_irc_bot:*:*:*:*:*:*:*:*
- cpe:2.3:a:eggheads:eggdrop_irc_bot:1.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:eggheads:eggdrop_irc_bot:1.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:eggheads:eggdrop_irc_bot:1.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:eggheads:eggdrop_irc_bot:1.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:eggheads:eggdrop_irc_bot:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:eggheads:eggdrop_irc_bot:1.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:eggheads:eggdrop_irc_bot:1.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:eggheads:eggdrop_irc_bot:1.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:eggheads:eggdrop_irc_bot:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:eggheads:eggdrop_irc_bot:1.6.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2807
2.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-2807
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2007-2807
-
http://www.eggheads.org/bugzilla/show_bug.cgi?id=462
Page not found – EggheadsExploit
-
http://www.debian.org/security/2009/dsa-1826
[SECURITY] [DSA 1826-1] New eggdrop packages fix several vulnerabilities
-
http://www.debian.org/security/2008/dsa-1448
[SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution
-
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00336.html
[SECURITY] Fedora 8 Update: eggdrop-1.6.18-12.fc8
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:175
Mandriva
-
http://security.gentoo.org/glsa/glsa-200709-07.xml
Eggdrop: Buffer overflow (GLSA 200709-07) — Gentoo security
-
http://securitytracker.com/id?1018700
Access Denied
-
http://www.securityfocus.com/bid/24070
-
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00348.html
[SECURITY] Fedora 7 Update: eggdrop-1.6.18-12.fc7
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427157
#427157 - CVE-2007-2807: stack-based buffer overflow - Debian Bug report logs
Jump to