Full Disclosure
mailing list archives
Re: bitchx exploit
From: Andrew Farmer <andfarm () teknovis com>
Date: Thu, 21 Apr 2005 10:24:06 -0700
On 20 Apr 2005, at 06:37, sk wrote:
* --[ background
*
* BitchX contains a locally exploitable Buffer Overflow condition.
* Sometimes it is installed setUID to allow non-root users SSL
* access for example and therefore it could be used by a malicious
* local user, to obtain root access. This code demonstrates the
* described vulnerability and can be used to verify the bug on
* your system(s).
*/
I have never, ever seen BitchX installed suid, and there's no reason
it would be. SSL clients work just fine without suid.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/