[ngIRCd-ML] ngIRCd 0.8.3
alex at barton.de
Thu Feb 3 11:36:56 CET 2005
An other exploitable bug in ngIRCd has been found, so here is jet an
other update: ngIRCd 0.8.3 has been released!
The bug is only exploitable when the daemon is compiled to do IDENT
lookups, which is not the default configuration. If you don't use IDENT
lookups with your ngIRCd, you are safe. All other should update as soon
as possible as this bugs allows remote attackers to execute arbitrary
code with the priviledges of the ngIRCd.
The only change since version 0.8.2 is:
- Fixed a bug that could case a root exploit when the daemon is
compiled to do IDENT lookups and is logging to syslog. Bug
discovered by CoKi, <coki at nosystem.com.ar>, thanks a lot!
You can download ngIRCd 0.8.3 (~271 KB) from:
- <http://download.berlios.de/ngircd/ngircd-0.8.3.tar.gz> [soon ...]
And the patch from 0.8.2 to 0.8.3 (~3 KB) as well as GnuPG signatures
can be found here:
This release has been tagged as "rel-0-8-3" in the CVS.
Alexander Barton, Freiburg, Germany
alex at barton.de, http://www.barton.de/
More information about the ngIRCd-ML