Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BitchX /ignore bug

From: goat () PHOENIX ISN NET (Steve Mosher)
Date: Thu, 6 Jul 2000 22:44:21 -0300

        It's amazing how some code gets written. I'm glad that I was
"raised" in a security-conscious environment. I used to take it for
granted that coders always check for every possible weak point in their
code that they knew of, now I'm not so naive. How often does this happen? I
doubt it's laziness, or even ignorance -- some of these issues are pretty
obscure. Is it the teachers' fault, can anyone be blamed? More
importantly, is there anything (short of Java, or any change in language)
that can be done about it?
        Imagine how little we would know if this were
closed source. *Someone* would notice a segmentation violation sometime,
fire up a debugger, produce an exploit, and finally an advisory would be
written. We wouldn't really know a thing. Who knows how long these things
would go unpatched for?

On Thu, 06 Jul 2000, Keith Simonsen wrote:

Hi,

Those are front slashes, but backslashes work:

 Channel #\xff\xff\xff/bin/sh was created at Thu Jul  6 14:56:29 2000

In the ircd_defs.h file included with efnet ircd source the max channel
length is 200 bytes (#define CHANNELLEN      200)

hmm I also noticed the ban length is 1024... thats a lot of room, and is
passed to the client when joining a channel. I also tried setting bans
with %s and other formatting characters, it works...

Anyone want to check the BitchX code for how it parses bans when the
client joins the channel?


--
Shop smart, shop S-Mart!
        - Ash
Previous By Date Next
Previous By Thread Next

Current thread: