Bugtraq mailing list archives

Re: BitchX exploit possibly waiting to happen, certain DoS


From: spikeman () MYSELF COM (Spikeman)
Date: Thu, 6 Jul 2000 17:08:28 -0500


EPIC4pre2.500 == safe
Blackened 1.7.1 == safe
ircII 4.4 :ircii 2.9: AT&T you will (ojnk!) == safe
ircII 4.4J+ScrollZ v1.8i6/Public (27.1.2000)+Cdcc v1.8+OperMods v1.0 = safe

OutCasT wrote:

A temporary solution is to switch to another client, like ircII, which is
considered by many to be the more karmic client anyway.
This hasn't been proven, nor has it been proven or announced that ircII
or any other client which derived from it is vulnerable.

As I said in the Vuln-dev list. BitchX originally is a patched version of
irc.. ircII maybe. If BitchX is vulnerable. My guess is all other
equivalents (like ircII-EPIC) could be in trouble too.

As far as I can tell, nobody has looked into the other clients.
At the moment I have no time. Any volunteers?
I am aware of patches. But not aware of auditing being performed on BitchX
his/her brothers & sisters.

My advice: Telnet

Greetings,
        Sacha Ligthert

outcast@root66

--
     ___
    /\  \ phase two of global domination in operation, hide all lions.
   /::\  \
  /:/\:\  \ Comments or Questions email spikeman () myself com
 _\:\~\:\  \
/\ \:\ \:\__\ Spikeman      spikeman () myself com
\:\ \:\ \/__/    http://www.spikeman.net
 \:\ \:\__\    Find Me On EFNET /whois Spikeman
  \:\/:/  /
   \::/  /      Friends are lights in winter;
    \/__/ The older the friend, the brighter the light.


