Bugtraq mailing list archives
Re: ircii-pana (BitchX) 74p4 overflow
From: fudd () BRIAN GOT NET (Brian Weiss)
Date: Tue, 26 May 1998 22:24:09 -0700
On Mon, 25 May 1998, Michal Zalewski wrote:
Recently I found interesting overflow in dgets(...) function in one of the most popular irc clients, BitchX 74p4 (by panasync). You can cause remote client crash (and possibly much more) when you're fingered (/finger built-in command) by victim - simply create eg. .plan with line longer than 2 kbytes. Depending on used line (ln /dev/urandom ~/.plan is nice), client will crash with SEGV immediately or during any next '/' command... Dumb, isn't it? For test purposes, /finger lcamtuf () shadow mud pl
Thanks for the report, although this problem has already been fixed in the 75 alpha versions. If you would like, you can obtain a 75aX binary through one of two methods: 1. /ctcp q cdcc list - on efnet 2. ftp://brian.got.net/pub/BitchX glibc and libc5 bins are available. Please keep in mind these are test versions and are not stable. Thanks again for the report and the patch. Keep up the good work. .- fudd@efnet Brian Weiss
Current thread:
- ircii-pana (BitchX) 74p4 overflow Michal Zalewski (May 25)
- ircii-pana (BitchX) 74p4 overflow - exploit/fix Michal Zalewski (May 25)
- Re: ircii-pana (BitchX) 74p4 overflow - exploit/fix Richard Braakman (May 28)
- Re: ircii-pana (BitchX) 74p4 overflow Brian Weiss (May 26)
- IRIX 6.3 NetWare Client 1.0 Vulnerabilities SGI Security Coordinator (May 27)
- IRIX 6.4 diskperf/diskalign Vulnerabilities SGI Security Coordinator (May 27)
- <Possible follow-ups>
- Re: ircii-pana (BitchX) 74p4 overflow Rich Lafferty (May 27)
- Re: ircii-pana (BitchX) 74p4 overflow Brian Weiss (May 27)
- ircii-pana (BitchX) 74p4 overflow - exploit/fix Michal Zalewski (May 25)