Bugtraq mailing list archives
Re: remote crash BitchX 1.0c16
From: ant () NOTATLA DEMON CO UK (Antonomasia)
Date: Wed, 5 Jul 2000 21:21:07 +0100
Colten Edwards <edwards bitchx.dimension6.com>:
> There's a small bug in the latest BitchX in which a nasty user can invite you to a channel with a %s in it...
This is a classic case of printf(variable); where variable contains formatting chars.
For a crude Perl scanner for these bugs you could try http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/argcount.plx which arose out of discussion on the linux security audit list.

--
##############################################################
# Antonomasia   ant () notatla demon co uk                   #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
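The kind of check a source scanner can make for the printf(variable) pattern named above, as an added example that is not part of the original post and is not the linked argcount.plx script: it flags printf-family calls whose format argument is not a string literal. The function table and the sample C source (a hypothetical `on_invite` handler) are constructed for illustration.

```python
import re
# Position of the format argument in common printf-style functions.
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}
CALL = re.compile(r"\b(%s)\s*\(" % "|".join(FORMAT_ARG))

def split_args(src, i):
    """Split a C argument list; i is the index just past the opening '('."""
    args, cur, depth, quote = [], "", 0, None
    while i < len(src):
        c = src[i]
        if quote:                          # inside a string/char literal
            cur += c
            if c == "\\":                  # copy the escaped character as well
                i += 1
                cur += src[i:i + 1]
            elif c == quote:
                quote = None
        elif c == ")" and depth == 0:      # end of this call
            return args + [cur.strip()]
        elif c == "," and depth == 0:      # top-level argument separator
            args.append(cur.strip())
            cur = ""
        else:
            quote = c if c in "\"'" else None
            depth += (c == "(") - (c == ")")
            cur += c
        i += 1
    return args + [cur.strip()]            # unterminated call: best effort

def scan(source):
    """Return (line, function, format_arg) where the format is not a literal.
    Crude by design: comments and macros are not understood."""
    hits = []
    for m in CALL.finditer(source):
        args = split_args(source, m.end())
        fmt = args[FORMAT_ARG[m.group(1)]:][:1]
        if fmt and fmt[0] and not fmt[0].startswith('"'):
            hits.append((source.count("\n", 0, m.start()) + 1, m.group(1), fmt[0]))
    return hits

# Constructed sample: a hypothetical invite handler, not BitchX source.
SAMPLE = r'''void on_invite(const char *from, const char *channel) {
    char buf[512];
    snprintf(buf, sizeof(buf), "%s invites you to %s", from, channel);
    printf(buf);                    /* attacker-influenced format string */
    printf("%s\n", buf);            /* safe: literal format */
    fprintf(stderr, channel);
}'''
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Each finding is a candidate for review; the usual fix is to pass the data as an argument to a literal format, as in printf("%s", buf).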