Vulnerability Development mailing list archives
Re: BitchX /ignore bug
From: dufresne () WINTERNET COM (Ron DuFresne)
Date: Fri, 7 Jul 2000 09:34:35 -0500
testing this on efent, and it's not possible at this time to test the original length channel: #%s%s%s%s%s%s%s%s%s, as it is closed down, but, testing by adding a few more and less %s's as well as with %n's in channel names with IRCII 2.8.2-EPIC2.002 shows no vulnerability to this attack. Perhaps someone can clue me, is the length of the channel string fixed in this assualt, or can it vary somewhat in length? I'll try to do some further testing on a private server I know of that I can work on better later this weekend. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Current thread:
- Re: BitchX /ignore bug, (continued)
- Re: BitchX /ignore bug Bluefish (Jul 07)
- Re: BitchX /ignore bug Slawek (Jul 07)
- Re: BitchX /ignore bug Arturo Busleiman (Jul 07)
- Re: BitchX /ignore bug Crispin Cowan (Jul 07)
- Re: BitchX /ignore bug Hogenberg, Richard (Jul 07)
- Re: BitchX /ignore bug Bluefish (Jul 07)
- Re: BitchX /ignore bug Schlachter, Jake (Jul 07)
- Re: BitchX /ignore bug Bluefish (Jul 08)
- Re: BitchX /ignore bug Christofer C. Bell (Jul 08)
- Re: BitchX /ignore bug Erich Meier (Jul 11)
- Re: BitchX /ignore bug Ron DuFresne (Jul 07)
- Re: BitchX /ignore bug Juan M. Courcoul (Jul 07)
- remote exploit Jim Stickley (Jul 07)
- Re: remote exploit Bluefish (Jul 08)
- Re: remote exploit Gerardo Richarte (Jul 10)
- Re: BitchX /ignore bug Matthew S. Hallacy (Jul 06)
- Updated Default Account Database Eric Knight (Jul 06)
- Re: Updated Default Account Database Jesus D. Muz@oz Largo (Jul 12)
- Re: Updated Default Account Database Nathan Einwechter (Jul 12)
- some things to play with Firstname Lastname (Jul 13)
- Re: some things to play with Vladimir Dubrovin (Jul 14)