Bugtraq mailing list archives
Re: More Detailed Info on the BitchX Format Bugs
From: RoboHak () PROTOVISION ORG (RoboHak)
Date: Sun, 9 Jul 2000 16:27:20 -0700
On Fri, Jul 07, 2000 at 03:22:20PM -0700, Ryan Russell wrote:
> On Fri, 7 Jul 2000, RoboHak wrote:
> > After some code auditing I found some other format bugs that only affected local commands. I had other things I had to do, and since the bugs were only locally exploitable, I waited a few hours until panasync (Colten Edwards) showed up on irc. The local bugs were not as simple to fix, so we discussed the best way to go about fixing them. Once we had all the bugs we could find fixed, panasync committed them to our CVS repository.
>
> How about the /ban string passing, as reported in the vuln-dev list?
>
> Ryan
I have not been able to reproduce that in any recent version of BitchX. Old versions (prior to 73 if I recall correctly) had a format bug in the ban parsing code, but that was fixed long ago. If anyone has specific information on where the problem is or how to reproduce it, let me know.

--
RoboHak
RoboHak () protovision org | RoboHak () mediaone net
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT d-(--) s++:-- a-- C+++(++++) UL++++ UB++++ P+@ L+++(++++) E- W+++(--)$
N+@ o? K w--- O-- M-- V-- PS+ PE Y++@ PGP++@ t+ 5(+) X+@ R tv+@ b++@ DI+++
D++@ G e h! r-- y--
------END GEEK CODE BLOCK------