Re: Remote buffer overflow, remote DoS and format string bug in current IRCd's tkserv

[Piotr Kucharski <chopin () SGH WAW PL>]

On Mon, Mar 05, 2001 at 06:15:01PM +0100, Paul Starzetz wrote:
> There are 3 major bugs in the current IRCd distribution (as used on the
> IRCnet for example).

First of all I want to emphasize that this is NOT current IRCnet IRCD, that
is vulnerable. All files in contrib/ directory are not part of IRCD daemon,
they are related to it.

> a) remote exploitable buffer overflow while querying tklines
> b) memory leck due to strdup'ing a string and not freeing the mem

These are so easy to fix that including diff would be an offence to every
bugtraq reader. Of course next version of IRCnet ircd will include fixed
tkserv.

> c) format string bug while reading the ircd's config file

Btw, that one was fixed Aug, 2000 by Marc Roger. Unfortunately, we haven't
released yet since then ;)

> 3. Solution
> See discussion. Do not request opered access to your tkserv.
> Update as soon as possible.

And please, next time give authors some time to fix things before
blowing up fireworks.

p.

/ircnet ircd maint./