At 10:34 AM 7/3/00 -0500, Forever shall I be. wrote:
>Well, I've not seen this posted to bugtraq yet, so here goes... BitchX has
>fallen victim to the infamous format bug... All unpatched versions of
>BitchX are apparently vulnerable (patch follows)..
There is also a patch for BitchX-75p3:
Instructions:
cd BitchX/source
patch < /path/to/75p3-format.patch
It should apply cleanly. Then recompile bx and restart your client.
--- parse.c.orig Fri Feb 26 11:01:55 1999
+++ parse.c Mon Jul 3 05:17:14 2000
@@ -1030,7 +1030,7 @@
bitchsay("Press Ctrl-K to join %s (%s)",
invite_channel, ArgList[2]);
else
bitchsay("Press Ctrl-K to join %s",
invite_channel);
- logmsg(LOG_INVITE, from, 0, invite_channel);
+ logmsg(LOG_INVITE, from, 0, "%s", invite_channel);
}
if (!(chan = lookup_channel(invite_channel, from_server, 0)))
if ((w_chan =
check_whowas_chan_buffer(invite_channel, 0)))
@@ -1097,7 +1097,7 @@
fudge_nickname(from_server);
if (get_int_var(AUTO_RECONNECT_VAR))
servercmd (NULL, sc, empty_string, NULL);
- logmsg(LOG_KILL, from, 0, ArgList[1]?ArgList[1]:"(No Reason)");
+ logmsg(LOG_KILL, from, 0, "%s", ArgList[1]?ArgList[1]:"(No
Reason)");
}
update_all_status(current_window, NULL, 0);
}
>--
>Zinx Verituse <zinx_at_linuxfreak.com>
>gpg (id 921B1558) (fp 5746 73A1 2184 A27A 9EC0 EDCC E132 BCEF 921B 1558)
--
Christopher Schulte | christopher_at_schulte.org
cell:612.986.4859 | home:651.225.4557 | fax: 651.315.3339
page:612.264.1115 | free:877.271.9245 | site: schulte.org
COMING SOON http://SchulteConsulting.COM/
reliable computer consulting at a fair price.
Received on Jul 06 2000
Intro
