Vulnerability Development mailing list archives
Re: BitchX /ignore bug
From: goat () PHOENIX ISN NET (Steve Mosher)
Date: Thu, 6 Jul 2000 22:44:21 -0300
It's amazing how some code gets written. I'm glad that I was "raised" in a security-conscious environment. I used to take it for granted that coders always check for every possible weak point in their code that they knew of; now I'm not so naive. How often does this happen? I doubt it's laziness, or even ignorance -- some of these issues are pretty obscure. Is it the teachers' fault, can anyone be blamed? More importantly, is there anything (short of Java, or any change in language) that can be done about it?

Imagine how little we would know if this were closed source. *Someone* would notice a segmentation violation sometime, fire up a debugger, produce an exploit, and finally an advisory would be written. We wouldn't really know a thing. Who knows how long these things would go unpatched for?

On Thu, 06 Jul 2000, Keith Simonsen wrote:
Hi,

Those are front slashes, but backslashes work:

Channel #\xff\xff\xff/bin/sh was created at Thu Jul 6 14:56:29 2000

In the ircd_defs.h file included with efnet ircd source the max channel length is 200 bytes (#define CHANNELLEN 200).

Hmm, I also noticed the ban length is 1024... that's a lot of room, and is passed to the client when joining a channel. I also tried setting bans with %s and other formatting characters, it works...

Anyone want to check the BitchX code for how it parses bans when the client joins the channel?
-- Shop smart, shop S-Mart! - Ash
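
The quoted message notes that channel names (up to 200 bytes) and ban masks (up to 1024 bytes) reach the client from the server and may contain raw bytes or format characters such as %s. The sketch below shows one way a client could treat them strictly as data. It is an added example, not code from BitchX, the ircd source or the posters; the names copy_untrusted, format_ban_line and BANLEN, and the policy of replacing non-printable bytes with '.', are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define CHANNELLEN 200   /* value quoted in the post from ircd_defs.h */
#define BANLEN     1024  /* ban length from the post; macro name is assumed */

/* Copy server-supplied text into dst, rejecting anything longer than max
 * and replacing non-printable bytes (e.g. 0xff) with '.'.
 * Returns 0 on success, -1 if the input is too long for max or dst. */
static int copy_untrusted(char *dst, size_t dstsz, const char *src, size_t max)
{
    size_t i;
    for (i = 0; src[i] != '\0'; i++) {
        if (i >= max || i + 1 >= dstsz)
            return -1;
        unsigned char c = (unsigned char)src[i];
        dst[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '.';
    }
    dst[i] = '\0';
    return 0;
}

/* Build a display line; returns its length, or -1 if rejected or truncated. */
int format_ban_line(char *out, size_t outsz, const char *chan, const char *mask)
{
    char c[CHANNELLEN + 1], m[BANLEN + 1];
    int n;
    if (copy_untrusted(c, sizeof c, chan, CHANNELLEN) != 0 ||
        copy_untrusted(m, sizeof m, mask, BANLEN) != 0)
        return -1;
    /* Constant format string: any %s or %n in the mask is printed literally. */
    n = snprintf(out, outsz, "*** %s ban: %s", c, m);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    char out[CHANNELLEN + BANLEN + 32];
    /* Constructed sample input: a ban mask carrying format characters. */
    if (format_ban_line(out, sizeof out, "#test", "%s%n!*@*") > 0)
        puts(out);
    return 0;
}
```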