The PRIVMSG command is limited by IRC servers and it cannot be bigger than this limit. But the epic mail client, and BitchX too, don't verify the size of this message. Using evil servers or hijacking connections, it is possible to send private messages larger than the allocated memory and execute commands remotely. It's a stack-based overflow (tested in epic) and it's very simple to exploit.

Reproducible: Always

Steps to Reproduce:
1. Create a bounce server (or a simple fake server)
2. Connect to it
3. Send a larger privmsg

Actual Results: There's a public exploit for this vulnerability at http://www.netric.be/exploits/gespuis.c
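The client-side length check the report says is missing, as an added example that is not part of the original report and is not EPIC or BitchX code. The names `privmsg_text` and `IRC_MAX_LINE` and the buffer sizes are hypothetical; the 512-byte line limit is the one in RFC 1459.

```c
#include <stdio.h>
#include <string.h>

#define IRC_MAX_LINE 512 /* RFC 1459: longest legal message, CRLF included */

/* Hypothetical helper: extract the text of a PRIVMSG line received from a
 * server into out[out_cap]. Returns the text length, or -1 when rejected. */
int privmsg_text(const char *line, size_t len, char *out, size_t out_cap)
{
    const char *p = line, *end, *text = NULL;
    size_t n;

    if (!line || !out || out_cap == 0)
        return -1;
    if (len == 0 || len > IRC_MAX_LINE) /* the server is not trusted to enforce this */
        return -1;
    end = line + len;
    while (end > line && (end[-1] == '\r' || end[-1] == '\n'))
        end--; /* strip the line terminator */
    if (p < end && *p == ':') { /* optional ":nick!user@host " prefix */
        p = memchr(p, ' ', (size_t)(end - p));
        if (!p)
            return -1;
        p++;
    }
    if ((size_t)(end - p) < 8 || memcmp(p, "PRIVMSG ", 8) != 0)
        return -1;
    for (p += 8; p + 1 < end; p++) /* " :" starts the message text */
        if (p[0] == ' ' && p[1] == ':') {
            text = p + 2;
            break;
        }
    if (!text)
        return -1;
    n = (size_t)(end - text);
    if (n >= out_cap) /* reject rather than overflow or silently truncate */
        return -1;
    memcpy(out, text, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample line, not captured traffic. */
    const char *line = ":nick!user@example.test PRIVMSG #chan :hello\r\n";
    char text[64];
    printf("%d\n", privmsg_text(line, strlen(line), text, sizeof text));
    return 0;
}
```
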
Version bump to 1.1.12 should close this bug. Renaming the ebuild works. No need to submit patch. chuck
Version bumped. Now in cvs.