Bugtraq mailing list archives
Re: BitchX - more on format bugs?
From: christopher () SCHULTE ORG (Christopher Schulte)
Date: Wed, 5 Jul 2000 15:16:47 -0500
At 10:34 AM 7/3/00 -0500, Forever shall I be. wrote:
Well, I've not seen this posted to bugtraq yet, so here goes... BitchX has fallen victim to the infamous format bug... All unpatched versions of BitchX are apparently vulnerable (patch follows)..
There is also a patch for BitchX-75p3: Instructions: cd BitchX/source patch < /path/to/75p3-format.patch It should apply cleanly. Then recompile bx and restart your client. --- parse.c.orig Fri Feb 26 11:01:55 1999 +++ parse.c Mon Jul 3 05:17:14 2000 @@ -1030,7 +1030,7 @@ bitchsay("Press Ctrl-K to join %s (%s)", invite_channel, ArgList[2]); else bitchsay("Press Ctrl-K to join %s", invite_channel); - logmsg(LOG_INVITE, from, 0, invite_channel); + logmsg(LOG_INVITE, from, 0, "%s", invite_channel); } if (!(chan = lookup_channel(invite_channel, from_server, 0))) if ((w_chan = check_whowas_chan_buffer(invite_channel, 0))) @@ -1097,7 +1097,7 @@ fudge_nickname(from_server); if (get_int_var(AUTO_RECONNECT_VAR)) servercmd (NULL, sc, empty_string, NULL); - logmsg(LOG_KILL, from, 0, ArgList[1]?ArgList[1]:"(No Reason)"); + logmsg(LOG_KILL, from, 0, "%s", ArgList[1]?ArgList[1]:"(No Reason)"); } update_all_status(current_window, NULL, 0); }
-- Zinx Verituse <zinx () linuxfreak com> gpg (id 921B1558) (fp 5746 73A1 2184 A27A 9EC0 EDCC E132 BCEF 921B 1558)
-- Christopher Schulte | christopher () schulte org cell:612.986.4859 | home:651.225.4557 | fax: 651.315.3339 page:612.264.1115 | free:877.271.9245 | site: schulte.org COMING SOON http://SchulteConsulting.COM/ reliable computer consulting at a fair price.
Current thread:
- Re: BitchX - more on format bugs? Christopher Schulte (Jul 05)