[ngIRCd-ML] ngIRCd 0.8.3

Alexander Barton alex at barton.de
Thu Feb 3 11:36:56 CET 2005


Hi All!

An other exploitable bug in ngIRCd has been found, so here is jet an 
other update: ngIRCd 0.8.3 has been released!

The bug is only exploitable when the daemon is compiled to do IDENT 
lookups, which is not the default configuration. If you don't use IDENT 
lookups with your ngIRCd, you are safe. All other should update as soon 
as possible as this bugs allows remote attackers to execute arbitrary 
code with the priviledges of the ngIRCd.

The only change since version 0.8.2 is:

   - Fixed a bug that could case a root exploit when the daemon is
     compiled to do IDENT lookups and is logging to syslog. Bug
     discovered by CoKi, <coki at nosystem.com.ar>, thanks a lot!
     (http://www.nosystem.com.ar/advisories/advisory-11.txt)

You can download ngIRCd 0.8.3 (~271 KB) from:

   - <ftp://ftp.berlios.de/pub/ngircd/ngircd-0.8.3.tar.gz>
   - <ftp://Arthur.Ath.CX/pub/Users/alex/ngircd/ngircd-0.8.3.tar.gz>
   - <http://download.berlios.de/ngircd/ngircd-0.8.3.tar.gz>  [soon ...]

And the patch from 0.8.2 to 0.8.3 (~3 KB) as well as GnuPG signatures 
can be found here:

   - <ftp://ftp.berlios.de/pub/ngircd/>
   - <ftp://Arthur.Ath.CX/pub/Users/alex/ngircd/>

This release has been tagged as "rel-0-8-3" in the CVS.

Regards
Alex

-- 
Alexander Barton, Freiburg, Germany
alex at barton.de, http://www.barton.de/



More information about the ngIRCd-ML mailing list