RSS   Vulnerabilities for 'Dconnect daemon'   RSS

2006-08-14
 
CVE-2006-4127

CWE-Other
 

 
Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calling the (1) privmsg() or (2) pubmsg functions from (a) cmd.user.c, (b) penalties.c, or (c) cmd.dc.c.

 
 
CVE-2006-4126

CWE-Other
 

 
The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference.

 
 
CVE-2006-4125

CWE-Other
 

 
Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function.

 


Copyright 2024, cxsecurity.com

 

Back to Top