Bugtraq mailing list archives
Re: Remote buffer overflow, remote DoS and format string bug in current IRCd's tkserv
From: Piotr Kucharski <chopin () SGH WAW PL>
Date: Mon, 5 Mar 2001 22:35:28 +0100
On Mon, Mar 05, 2001 at 06:15:01PM +0100, Paul Starzetz wrote:
There are 3 major bugs in the current IRCd distribution (as used on the IRCnet for example).
First of all I want to emphasize that this is NOT current IRCnet IRCD, that is vulnerable. All files in contrib/ directory are not part of IRCD daemon, they are related to it.
a) remote exploitable buffer overflow while querying tklines b) memory leck due to strdup'ing a string and not freeing the mem
These are so easy to fix that including diff would be an offence to every bugtraq reader. Of course next version of IRCnet ircd will include fixed tkserv.
c) format string bug while reading the ircd's config file
Btw, that one was fixed Aug, 2000 by Marc Roger. Unfortunately, we haven't released yet since then ;)
3. Solution See discussion. Do not request opered access to your tkserv. Update as soon as possible.
And please, next time give authors some time to fix things before blowing up fireworks. p. /ircnet ircd maint./
Current thread:
- Remote buffer overflow, remote DoS and format string bug in current IRCd's tkserv Paul Starzetz (Mar 05)
- Re: Remote buffer overflow, remote DoS and format string bug in current IRCd's tkserv Piotr Kucharski (Mar 05)