Vulnerability Development mailing list archives

Re: BitchX /ignore bug


From: dufresne () WINTERNET COM (Ron DuFresne)
Date: Wed, 5 Jul 2000 05:44:05 -0500


If I read this correctly, this is not an attack per se, but a self
annihilation is it not?  And while a bug, not something one can use to
take others offline or server, please correct me if I read this wrong.

Thanks,

Ron DuFresne

On Tue, 4 Jul 2000, Blue Boar wrote:

Rick Jansen wrote:

I don't know whether this is the right place to put it, but I'm going to
anyway :)

Yup, and probably Bugtraq, too.


Because of a simple /invite nickname #%s%s%s%s%s%s%s%s%s, BitchX will
segfault and coredump. This is a small programming error, you can find a
patch at this location:
http://root66.org/karin/BitchX-bug-patch-3-juli-2000.tar.gz by Frank van
Vliet, alias {}.

The subject: line says /ignore, I assume this problem only occurs
with /invite?  (I don't use IRC much.  /ignore wouldn't send
anything to the ignored party, would it?)

As a general question for vuln-dev:

I've seen a number of these print string vulnerabilities pop up
lately.  I gather that the programmer writes their printf or equiv
wrong, and these attacks are getting interpreted as formatting strings
somehow.

Can someone explain to me what goes on on a stack level?  Are these
exploitable (pushing code) instead of just crashing?

                                      BB


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
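
The question quoted above, about what happens when remote text is interpreted as a format string, can be illustrated with an added example. It is not part of the original post and is not BitchX source. The function names and the "invites you to" message are hypothetical, and the sample channel string is the one quoted in the report. It shows the faulty pattern (compiled only with `-DSHOW_VULNERABLE`) beside the corrected call.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the channel argument quoted in the report. */
static const char *SAMPLE_CHANNEL = "#%s%s%s%s%s%s%s%s%s";

/* Count the conversion directives a printf-family function would act on
 * if `s` were passed as its format argument. "%%" is a literal percent. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* escaped percent, consumes no argument */
        else
            n++;            /* directive: printf will fetch an argument */
    }
    return n;
}

#ifdef SHOW_VULNERABLE
/* Faulty pattern (hypothetical): remote text becomes the format string.
 * Each "%s" makes printf fetch a char* argument that was never passed,
 * so it dereferences whatever happens to be there and can segfault. */
int format_invite_vulnerable(char *out, size_t len, const char *channel)
{
    return snprintf(out, len, channel);
}
#endif

/* Corrected pattern: the format is a constant, remote text is only data. */
int format_invite_safe(char *out, size_t len, const char *nick,
                       const char *channel)
{
    return snprintf(out, len, "%s invites you to %s", nick, channel);
}

int main(void)
{
    char line[128];
    format_invite_safe(line, sizeof line, "nickname", SAMPLE_CHANNEL);
    printf("directives in remote text: %d\n", count_directives(SAMPLE_CHANNEL));
    printf("safe output: %s\n", line);
    return 0;
}
```

Building with GCC's `-Wformat -Wformat-security` flags the non-literal format call in the faulty variant at compile time.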

