Eggdev: [Bug 462] New: multiple buffer overflows in server module

bugzilla-daemon at bugzilla-daemon at
Thu Apr 19 20:56:41 CST 2007

           Summary: multiple buffer overflows in server module
           Product: Eggdrop 1.6
           Version: 1.6.18
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Module: server.mod
        AssignedTo: eggdev at
        ReportedBy: bow.sineath at

This email was sent to bugs@ several days ago; I thought it was worth posting
here. I searched and didn't see where anyone else had reported it
(surprisingly). Here goes:

I was taking a quick look at some of the code behind the eggie server module and
I ran across a few stack based overflows. I am incredibly surprised that no one
has reported these yet.

It seems that you are relying on the fact that the server the bot is connected
to is sane and not malicious, but I was able to exploit these flaws by opening a
netcat listener and connecting the bot to it, then sending whatever string I
needed to.

For example:

static int gotmsg(char *from, char *msg)
{
  char *to, buf[UHOSTLEN], *nick, ctcpbuf[512], *uhost = buf, *ctcp,
       *p, *p1, *code;

  /* ... remaining declarations and earlier checks elided in the report ... */

  ignoring = match_ignore(from);
  to = newsplit(&msg);
  /* Only check if flood-ctcp is active */
  strcpy(uhost, from);   /* unbounded copy of server-supplied 'from' into buf[UHOSTLEN] */

By sending the following string:


(that's 368 bytes)

gdb output:

Program received signal SIGSEGV, Segmentation fault.
[Switching to process 14990]
0x42424242 in ?? ()
(gdb) i r $eip
eip            0x42424242       0x42424242

You overwrite the instruction pointer with 0x42424242. It should be obvious that
this could allow remote code execution as well. I didn't spend too much time
looking at the rest of the code; this just happened to catch my eye while I was
glancing over it. I did notice a few others that were along the same lines as
this, but I didn't test them or document them, although I would be happy to do
so if you want more information.

Given the fact that you have to convince someone to connect to a malicious
server, this isn't -THAT- serious, but if someone had the proper console
permissions or was able to coerce someone to connect their eggdrop to a 
malicious server, then it could result in a compromise.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
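Added example, not part of the bug report or of the eggdrop source: the overflow above comes from copying a server-supplied prefix into a fixed stack buffer with strcpy(). The code below shows the same shape (a fixed buf[UHOSTLEN] on the stack) with a bounded copy that rejects any prefix that does not fit, terminator included, so an oversized line from a hostile server is dropped instead of overwriting the return address. UHOSTLEN, the function names and the sample inputs are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* UHOSTLEN is assumed here for illustration; the real value comes from
 * eggdrop's headers and is not reproduced in this example. */
#define UHOSTLEN 291

#define COPY_OK       0
#define COPY_REJECTED 1

/* Bounded replacement for the unbounded strcpy(uhost, from) pattern.
 * Copies src into dst only if it fits, terminator included; otherwise
 * leaves dst as an empty string and reports rejection. Never reads or
 * writes beyond dstlen bytes. */
int copy_prefix_bounded(char *dst, size_t dstlen, const char *src)
{
    const char *end;
    size_t n;

    if (dst == NULL || src == NULL || dstlen == 0)
        return COPY_REJECTED;

    /* memchr bounds the scan to dstlen bytes, so an unterminated or
     * oversized src cannot make us read past the window. */
    end = memchr(src, '\0', dstlen);
    if (end == NULL) {
        dst[0] = '\0';
        return COPY_REJECTED;
    }
    n = (size_t)(end - src);
    memcpy(dst, src, n + 1); /* n + 1 <= dstlen is guaranteed above */
    return COPY_OK;
}

/* Mirrors the shape of gotmsg(): the sender prefix lands in a fixed
 * stack buffer before any further parsing. Returns 1 if the line is
 * accepted for processing, 0 if the prefix was dropped as oversized. */
int handle_prefix(const char *from)
{
    char buf[UHOSTLEN];

    if (copy_prefix_bounded(buf, sizeof buf, from) != COPY_OK) {
        /* A conforming IRC server never sends a prefix this long, so
         * treat it as a protocol violation and skip the line. */
        return 0;
    }
    /* Message handling would continue with buf here. */
    return 1;
}

/* Builds a constructed prefix of len 'B' bytes (not real IRC traffic)
 * and reports whether handle_prefix() accepts it. */
int prefix_of_length_accepted(size_t len)
{
    char *p = malloc(len + 1);
    int accepted;

    if (p == NULL)
        return -1;
    memset(p, 'B', len);
    p[len] = '\0';
    accepted = handle_prefix(p);
    free(p);
    return accepted;
}

int main(void)
{
    printf("normal prefix accepted:   %d\n",
           handle_prefix("nick!user@example.invalid"));
    printf("368-byte prefix accepted: %d\n", prefix_of_length_accepted(368));
    return 0;
}
```

The check is deliberately reject-rather-than-truncate: silently truncating a nick!user@host prefix could make the bot attribute a message to a different user than the server named, while dropping the line keeps the parser's assumptions intact. The same bounded-copy helper can replace the other strcpy() calls of this shape that the report mentions but does not list.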
