Bugtraq mailing list archives
Security Update: Denial of Service against irc-BX
From: support () PHOENIX CALDERASYSTEMS COM (Technical Support)
Date: Fri, 7 Jul 2000 16:43:47 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: Denial of Service against irc-BX
Advisory number: CSSA-2000-022.0
Issue date: 2000 July, 6
Cross reference:
______________________________________________________________________________
1. Problem Description
The IRC client irc-BX (otherwise known as B*tchX) will accept
bogus data from other IRC users that causes it to crash, and
possibly even to execute malicious code. An exploit has been
published that will result in a crash of the IRC client.
2. Vulnerable Versions
System                          Package
-----------------------------------------------------------
OpenLinux Desktop 2.3           All packages previous to
                                irc-BX-75p3-5
OpenLinux eServer 2.3           All packages previous to
and OpenLinux eBuilder          irc-BX-75p3-5
OpenLinux eDesktop 2.4          All packages previous to
                                irc-BX-1.0-3
3. Solution
Workaround:
none known
The proper solution is to upgrade to the fixed packages.
4. OpenLinux Desktop 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
1cdc1f1b8cd3ddb8f9547bd3b983d931 RPMS/irc-BX-75p3-5.i386.rpm
8a3affcbb25d22bf909845b0a3d93794 SRPMS/irc-BX-75p3-5.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -F irc-BX-75p3-5.i386.rpm
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
8d006667e597c6e89cdec61fb85ab878 RPMS/irc-BX-75p3-5.i386.rpm
8a3affcbb25d22bf909845b0a3d93794 SRPMS/irc-BX-75p3-5.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -F irc-BX-75p3-5.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
f13cf49d7e8eea02c2194865a37755db RPMS/irc-BX-1.0c16-3.i386.rpm
53423f8eb8efc5cd23f11d861218a45a SRPMS/irc-BX-1.0c16-3.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -F irc-BX-1.0c16-3.i386.rpm
Please ignore any messages about being unable to remove directories
during the upgrade.
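The verification and installation steps in sections 4.2 through 6.3 amount to the same procedure for each product: compare the MD5 sum of each downloaded package against the sum printed in the advisory, and only then run rpm -F. The POSIX shell script below is an added example, not part of Caldera's advisory; it reads a manifest in the advisory's "<md5>  <path>" layout, checks every listed file with md5sum(1), and refuses to call rpm -F if any sum differs. The function names (check_md5, verify_manifest, upgrade_if_verified) and the manifest filename are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Caldera's own tooling. Verifies the MD5 sums an
# advisory lists before letting "rpm -F" run. Assumes md5sum(1) from
# GNU coreutils; function names are this example's own choice.

# check_md5 FILE EXPECTED_MD5
#   returns 0 when FILE's MD5 sum equals EXPECTED_MD5, 1 otherwise
check_md5() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MISMATCH: $file expected $expected got $actual" >&2
    return 1
}

# verify_manifest MANIFEST
#   MANIFEST holds lines in the advisory's shape, e.g. (section 4.2):
#     1cdc1f1b8cd3ddb8f9547bd3b983d931 RPMS/irc-BX-75p3-5.i386.rpm
#   returns 0 only if every listed file matches its sum
verify_manifest() {
    manifest=$1
    status=0
    while read -r sum path; do
        [ -n "$sum" ] || continue          # skip blank lines
        check_md5 "$path" "$sum" || status=1
    done < "$manifest"
    return $status
}

# upgrade_if_verified MANIFEST RPM...
#   runs "rpm -F" on the given packages only after the manifest verifies
upgrade_if_verified() {
    manifest=$1
    shift
    verify_manifest "$manifest" || {
        echo "refusing to install: checksum failure" >&2
        return 1
    }
    rpm -F "$@"
}

# Example invocation for OpenLinux Desktop 2.3, after saving the two lines
# from section 4.2 into desktop23.md5 (assumed filename):
#   upgrade_if_verified desktop23.md5 RPMS/irc-BX-75p3-5.i386.rpm
```

The sums in an advisory like this one are themselves protected by the PGP signature on the message, so the signature should be checked before the sums are trusted; the script only closes the gap between a verified advisory and the package actually handed to rpm.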
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 7137.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5ZZQa18sy83A/qfwRAsvVAKClrU2t9+O3e9p6oWCHY8PRq8YPLgCfXkP9
lvnDqoc5itTANKDm1h++Svo=
=0ot7
-----END PGP SIGNATURE-----