Launchpad.net

CVE 2007-3360

hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands.

Related bugs and status

CVE-2007-3360 (Candidate) is related to these bugs:

Bug #129771: remote IRC servers can execute arbitrary commands

		In	Importance	Status
129771	remote IRC servers can execute arbitrary commands	ircii-pana (Ubuntu)	Medium	Fix Released
129771	remote IRC servers can execute arbitrary commands	ircii-pana (Debian)	Unknown	Fix Released
129771	remote IRC servers can execute arbitrary commands	ircii-pana (Ubuntu Dapper)	Medium	Fix Released
129771	remote IRC servers can execute arbitrary commands	ircii-pana (Ubuntu Edgy)	Medium	Fix Released
129771	remote IRC servers can execute arbitrary commands	ircii-pana (Ubuntu Feisty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 24579
SECUNIA: 25759
OSVDB: 37479
SECUNIA: 34870
SLACKWARE: SSA:2009-116-02
XF: bitchx-hook-command-ex...
EXPLOIT-DB: 4087