Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BitchX /ignore bug

From: dufresne () WINTERNET COM (Ron DuFresne)
Date: Fri, 7 Jul 2000 09:34:35 -0500

testing this on efent, and it's not possible at this time to test the
original length channel:  #%s%s%s%s%s%s%s%s%s, as it is closed down, but,
testing by adding a few more and less %s's as well as with %n's in channel
names with IRCII 2.8.2-EPIC2.002 shows no vulnerability to this attack.
Perhaps someone can clue me, is the length of the channel string fixed in
this assualt, or can it vary somewhat in length?  I'll try to do some
further testing on a private server I know of that I can work on better
later this weekend.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
Previous By Date Next
Previous By Thread Next

Current thread: