Bugtraq mailing list archives
ircii-pana (BitchX) 74p4 overflow
From: lcamtuf () BOSS STASZIC WAW PL (Michal Zalewski)
Date: Mon, 25 May 1998 11:25:02 +0200
Recently I found interesting overflow in dgets(...) function in one of the most popular irc clients, BitchX 74p4 (by panasync). You can cause remote client crash (and possibly much more) when you're fingered (/finger built-in command) by victim - simply create eg. .plan with line longer than 2 kbytes. Depending on used line (ln /dev/urandom ~/.plan is nice), client will crash with SEGV immediately or during any next '/' command... Dumb, isn't it? For test purposes, /finger lcamtuf () shadow mud pl _______________________________________________________________________ Michal Zalewski [lcamtuf () boss staszic waw pl] <= finger for pub PGP key Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch] [echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]
Current thread:
- ircii-pana (BitchX) 74p4 overflow Michal Zalewski (May 25)
- ircii-pana (BitchX) 74p4 overflow - exploit/fix Michal Zalewski (May 25)
- Re: ircii-pana (BitchX) 74p4 overflow - exploit/fix Richard Braakman (May 28)
- Re: ircii-pana (BitchX) 74p4 overflow Brian Weiss (May 26)
- IRIX 6.3 NetWare Client 1.0 Vulnerabilities SGI Security Coordinator (May 27)
- IRIX 6.4 diskperf/diskalign Vulnerabilities SGI Security Coordinator (May 27)
- <Possible follow-ups>
- Re: ircii-pana (BitchX) 74p4 overflow Rich Lafferty (May 27)
- Re: ircii-pana (BitchX) 74p4 overflow Brian Weiss (May 27)
- ircii-pana (BitchX) 74p4 overflow - exploit/fix Michal Zalewski (May 25)