Vulnerability Description
hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitchx | Bitchx | 1.1-final |
References
- http://osvdb.org/37479
- http://secunia.com/advisories/25759 (Vendor Advisory)
- http://secunia.com/advisories/34870
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware
- http://www.securityfocus.com/bid/24579
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34969
- https://www.exploit-db.com/exploits/4087
FAQ
What is CVE-2007-3360?
CVE-2007-3360 is a vulnerability with a CVSS score of 9.3 (HIGH). hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and inje...
How severe is CVE-2007-3360?
CVE-2007-3360 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3360?
Check the references section above for vendor advisories and patch information. Affected products include: Bitchx Bitchx.