There is a buffer overflow condition in the ircd/s serv.c file of the ircd2.8.21 distribution and most likely exists in other versions. It is possible to exploit this by sending a very long string as the third parameter () to the SERVER command.