| Name | CVE-2007-0160 |
| Description | Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| centericq | source | (unstable) | 4.21.0-17 | low | | |
Notes
[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
The bug really exist but, is not exploitable because the LiveJournal server
has a length restriction on both the username (15 characters) and the real name
(50 characters). In my opnion is only exploitable if the user try connect in
fake LiveJournal server. All version of Debian centericq packages have a
compromised code.