CVE-2007-0160

Name	CVE-2007-0160
Description	Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
centericq	source	(unstable)	4.21.0-17	low

Notes

[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
The bug really exist but, is not exploitable because the LiveJournal server
has a length restriction on both the username (15 characters) and the real name
(50 characters). In my opnion is only exploitable if the user try connect in
fake LiveJournal server. All version of Debian centericq packages have a
compromised code.