Bugtraq mailing list archives
[RHSA-2000:042-01] BitchX denial of service vulnerability
From: bugzilla () REDHAT COM (bugzilla () REDHAT COM)
Date: Thu, 6 Jul 2000 12:39:00 -0400
--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: BitchX denial of service vulnerability Advisory ID: RHSA-2000:042-01 Issue date: 2000-07-06 Updated on: 2000-07-06 Product: Red Hat Powertools Keywords: DoS Cross references: N/A --------------------------------------------------------------------- 1. Topic: A denial of service vulnerability exists in BitchX. 2. Relevant releases/architectures: Red Hat Powertools 6.0 - i386, alpha, sparc Red Hat Powertools 6.1 - i386, alpha, sparc Red Hat Powertools 6.2 - i386, alpha, sparc 3. Problem description: A denial of service vulnerability exists in BitchX. Improper handling of incoming invitation messages can crash the client. Any user on IRC can send the client an invitation message that causes BitchX to segfault. 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): N/A 6. RPMs required: Red Hat Powertools 6.1: Red Hat Powertools 6.2: sparc: ftp://updates.redhat.com/powertools/6.2/sparc/BitchX-1.0c16-1.sparc.rpm alpha: ftp://updates.redhat.com/powertools/6.2/alpha/BitchX-1.0c16-1.alpha.rpm i386: ftp://updates.redhat.com/powertools/6.2/i386/BitchX-1.0c16-1.i386.rpm sources: ftp://updates.redhat.com/powertools/6.2/SRPMS/BitchX-1.0c16-1.src.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- ea54ae7d29be2abeb4e0252ad2e5a040 6.2/SRPMS/BitchX-1.0c16-1.src.rpm 7c517589b963bbf9a42025cbd216fcdb 6.2/alpha/BitchX-1.0c16-1.alpha.rpm 93a409b68bdef05468a86bfdae2cb8d5 6.2/i386/BitchX-1.0c16-1.i386.rpm 2317c93fa3ed3a0ee0566ecd1c6d98ad 6.2/sparc/BitchX-1.0c16-1.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: Thanks to Colten Edwards <edwards () bitchx dimension6 com> for making us aware of the problem.
Current thread:
- Re: ftpd: the advisory version, (continued)
- Re: ftpd: the advisory version monti (Jul 05)
- Re: ftpd: the advisory version D. J. Bernstein (Jul 06)
- Re: ftpd: the advisory version monti (Jul 07)
- Re: ftpd: the advisory version Mikael Olsson (Jul 07)
- Re: ftpd: the advisory version David Maxwell (Jul 07)
- Re: ftpd: the advisory version D. J. Bernstein (Jul 10)
- Re: ftpd: the advisory version Richard Rager (Jul 11)
- Infosec.20000712.worldclient.2.1 Rikard Carlsson (Jul 12)
- ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed J C (Jul 10)
- Re: ftpd: the advisory version monti (Jul 05)
- Novell Border Manger - Anyone can pose as an authenticated user Coward, Anonymous (Jul 07)