FKIE_CVE-2009-1789
Vulnerability from fkie_nvd - Published: 2009-05-26 16:30 - Updated: 2026-04-23 00:35
Severity ?
Summary
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B949FDB5-004E-4D1A-B231-B12B0530D8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "122A9276-FBAE-4ACB-8B57-1F11316AE6CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38C0C2B5-D834-481B-B0F4-52815D5F05D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA76910-DA6A-431E-A4D3-65F67B06DE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC43937-427B-440C-9057-81B030F703CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9BC3A5-F83F-4A54-8F1D-01A26F4CE7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "85C89850-5063-4A3F-AD36-A7BB9C277196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B027835C-D277-404A-8663-B11DAD15200A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2468A8A0-0916-40AF-B666-37F4E09D2F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FAD548-8685-4C1B-85EB-EDA5A3490A6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "591CEC1D-0E78-4F06-897E-5EFC6C3EB22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8AFEFA8F-E0BD-4B16-91F0-0D0CCAFD9A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "846E8578-2E43-40FB-AFBE-8002B3C6360F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A966576E-C1E1-413B-9BC7-13A581F8C278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "EC103352-44FE-4629-9E78-4398B8E621C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "392B2FDA-0BB1-4525-B892-96074BCD68D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2A36497B-FC48-458D-9637-E5FD49DAD515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "19B44064-F334-42C0-AC66-B82DC2227857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "344C8A04-1E35-4F1D-8283-3E520867489C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop:1.6.18:rc1:*:*:*:*:*:*",
"matchCriteriaId": "641DAB73-091A-45E2-850D-EB3E852645FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eggheads:eggdrop_irc_bot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACCBBE9-03EC-496E-8163-1BEC53651211",
"versionEndIncluding": "1.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F67FC40-34BD-4266-85F8-10CEEE66C377",
"versionEndIncluding": "1.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.4.4:*:final:*:*:*:*:*",
"matchCriteriaId": "8D6C2110-D8D8-4864-A556-E907B98E185F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D82640-7F8A-45F8-9B41-A09BB37B62A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.5.4:*:final:*:*:*:*:*",
"matchCriteriaId": "58730915-EE80-4CDF-9196-CC96B7835C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.5.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BD84BF3B-F6D9-41CA-9A2C-F09F6F00B39F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.5.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D83AD2BC-CD73-4A85-8E12-E15EEE74D85F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.5.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "3774084D-7BB9-4F70-BDB3-FE7796EE513B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.0:*:final:*:*:*:*:*",
"matchCriteriaId": "0C86A3CE-5522-4924-B2B9-2C81710BEF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "537EA552-06C8-4AFE-960D-468A70157318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.0:rc1-rel2:*:*:*:*:*:*",
"matchCriteriaId": "4112B1DF-6883-45B4-823A-145275FE672A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98797B0A-5979-493D-968F-ED20F26F9EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.2\\+bindsfix:*:*:*:*:*:*:*",
"matchCriteriaId": "5239C772-554E-4E90-904C-499D419E87FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D43A10B-66AE-429B-B939-E3862D4F1EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.4:sr1:*:*:*:*:*:*",
"matchCriteriaId": "75918B14-B217-47D1-988C-B47CFA6D142F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3115178C-6CF4-45B5-A84F-2D770DAFC600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "57740B2C-08DA-41E2-9F1B-69789A32DC76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8D02A42B-C8A5-46D4-9E59-F06D3490DCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "02DFF7AE-89EF-4E1B-8EF6-D6505EC5CDCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D566B296-E828-4FF5-A6CC-3A4216EF4200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7380F17C-1AA5-4A02-A9FD-B7A45EE612CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CB09FFB8-9A04-4874-823D-5140D2F0AC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8D2814-F718-4EDE-B56F-D392FB7B534F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCAF4B0-4C86-4C47-9C31-CFBAFFB8B739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBC15B0-5E0A-4B6D-AAE9-C25E59450BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "AC921FD5-53F7-4430-8EFA-E7363597099A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philip_moore:windrop:1.6.19\\+ctcpfix:*:*:*:*:*:*:*",
"matchCriteriaId": "E1724543-C2ED-48F3-8DEC-61CA586CB505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807."
},
{
"lang": "es",
"value": "mod/server.mod/servmsg.c en Eggheads Eggdrop y Windrop v1.6.19 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un PRIVMSG manipulado que crea una cadena vac\u00eda que provoca una copia de longitud de cadena negativa. NOTA: esta vulnerabilidad existe por una incorrecta correcci\u00f3n del CVE-2007-2807."
}
],
"id": "CVE-2009-1789",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-05-26T16:30:02.967",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0129.html"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20\u0026view=markup"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54460"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35104"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35158"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35690"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1826"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:126"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503574"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34985"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1340"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50547"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8695"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01333.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01337.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0129.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cvs.eggheads.org/viewvc/viewvc.cgi/eggdrop1.6/doc/Changes1.6?revision=1.20\u0026view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01333.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01337.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…