Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: ircii-pana (BitchX) 74p4 overflow
From: fudd () BRIAN GOT NET (Brian Weiss)
Date: Tue, 26 May 1998 22:24:09 -0700


On Mon, 25 May 1998, Michal Zalewski wrote:

Recently I found interesting overflow in dgets(...) function in one of the
most popular irc clients, BitchX 74p4 (by panasync). You can cause remote
client crash (and possibly much more) when you're fingered (/finger
built-in command) by victim - simply create eg. .plan with line longer
than 2 kbytes.  Depending on used line (ln /dev/urandom ~/.plan is nice),
client will crash with SEGV immediately or during any next '/' command...

Dumb, isn't it? For test purposes, /finger lcamtuf () shadow mud pl


Thanks for the report, although this problem has already been fixed in the
75 alpha versions. If you would like, you can obtain a 75aX binary through
one of two methods:

1. /ctcp q cdcc list - on efnet
2. ftp://brian.got.net/pub/BitchX

glibc and libc5 bins are available. Please keep in mind these are test
versions and are not stable. Thanks again for the report and the patch.
Keep up the good work.

.-
fudd () efnet
Brian Weiss



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]