Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: BitchX /ignore bug
From: typo () SCENE AT (Firstname Lastname)
Date: Wed, 5 Jul 2000 03:56:09 +0200

On Wed, Jul 05, 2000 at 02:24:41AM +0200, Rick Jansen wrote:

Because of a simple /invite nickname #%s%s%s%s%s%s%s%s%s, BitchX will
segfault and coredump. This is a small programming error,


no its not.. its a fatal, and exploitable bug. and the rest of bitchx's code
doesn't look much better.. lets examine at the rest of parse.c,
just looking for completly similiar issues with logmsg:

parse.c:1033: warning: TESO: Insufficient Format arguments: logmsg(4/5).
parse.c:1100: warning: TESO: Insufficient Format arguments: logmsg(4/5).
parse.c:1033: logmsg(LOG_INVITE, from, 0, invite_channel);
parse.c:1100: logmsg(LOG_KILL, from, 0, ArgList[1]?ArgList[1]:"(No Reason)");

(when fixing code, fix the whole.. if thats too much work,
trash the code and start again.)

and umh.. my bugtraq post from months ago was refused, and i never got an
reply from the authors (bitchx mailinglist, that is):

BitchX privileged port dcc protection is susceptable to overflowing the
port argument (meaning: its ineffectual).

--
so much entropy, so little time

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]