FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ngircd -- format string vulnerability

Affected packages
ngircd < 0.8.3


VuXML ID bc4a7efa-7d9a-11d9-a9e7-0001020eed82
Discovery 2005-02-03
Entry 2005-02-13

A No System Group security advisory reports that ngircd is vulnerable to a format string vulnerability in the Log_Resolver() function of log.c, if IDENT support is enabled. This could allow a remote attacker to execute arbitrary code with the permissions of the ngircd daemon, which is root by default.

Note: By default the FreeBSD ngircd port does not enable IDENT support.


Bugtraq ID 12434
CVE Name CVE-2005-0226