|
Vulnerability Development
mailing list archives
Re: BitchX /ignore bug
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Tue, 4 Jul 2000 17:50:49 -0700
Rick Jansen wrote:
I don't know whether this is the right place to put it, but i'm going to
anyway :)
Yup, and probably Bugtraq, too.
Because of a simple /invite nickname #%s%s%s%s%s%s%s%s%s, BitchX will
segfault and coredump. This is a small programming error, you can find a
patch at this location:
http://root66.org/karin/BitchX-bug-patch-3-juli-2000.tar.gz by Frank van
Vliet, alias {}.
The subject: line says /ignore, I assume this problem only occurs
with /invite? (I don't use IRC much. /ignore wouldn't send
anything to the ignored party, would it?)
As a general question for vuln-dev:
I've seen a number of these print string vulnerabilities pop up
lately. I gather that the programmer writes their printf or equiv
wrong, and these attacks are getting interpreted as formatting strings
somehow.
Can someone explain to me what goes on on a stack level? Are these
exploitable (pushing code) instead of just crashing?
BB
 By Date 
By Thread
Current thread:
| 
Intro
