Epic CTCP Nickname Server Message Buffer Overrun Vulnerability

Epic CTCP Nickname Server Message Buffer Overrun Vulnerability

Solution:
Debian has released an advisory (DSA 399-1) to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Red Hat has released a security advisory (RHSA-2003-342) that includes fixes to address this issue. Users are advised to upgrade as soon as possible.

The vendor has released a patch.

Fixes:

Epic Epic4 pre2.002

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

Epic Epic4 pre2.003

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

Epic Epic4 1.0.1

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

Red Hat epic-1.0.1-15.7.x.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/epic-1.0.1-15.7.x.i386.rpm

Red Hat epic-1.0.1-15.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/epic-1.0.1-15.8.0.i386.rpm

Red Hat epic-1.0.1-15.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/epic-1.0.1-15.9.i386.rpm

Epic Epic4 1.1.10

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

Epic Epic4 1.1.11

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

Epic Epic4 1.1.2 .20020219

Debian epic4_1.1.2.20020219-2.2_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_alpha.deb

Debian epic4_1.1.2.20020219-2.2_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_arm.deb

Debian epic4_1.1.2.20020219-2.2_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_hppa.deb

Debian epic4_1.1.2.20020219-2.2_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_i386.deb

Debian epic4_1.1.2.20020219-2.2_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_ia64.deb

Debian epic4_1.1.2.20020219-2.2_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_m68k.deb

Debian epic4_1.1.2.20020219-2.2_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_mips.deb

Debian epic4_1.1.2.20020219-2.2_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_mipsel.deb

Debian epic4_1.1.2.20020219-2.2_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_powerpc.deb

Debian epic4_1.1.2.20020219-2.2_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_s390.deb

Debian epic4_1.1.2.20020219-2.2_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020 219-2.2_sparc.deb

Epic Epic4 1.1.3

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

Epic Epic4 1.1.4

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

Epic Epic4 1.1.5

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

Epic Epic4 1.1.6

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

Epic Epic4 1.1.7 .20020907

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1

Epic Epic4 1.1.7

Epic alloca_underrun-patch-1
ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1