Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BitchX /ignore bug

From: typo () SCENE AT (Firstname Lastname)
Date: Wed, 5 Jul 2000 03:56:09 +0200

On Wed, Jul 05, 2000 at 02:24:41AM +0200, Rick Jansen wrote:

Because of a simple /invite nickname #%s%s%s%s%s%s%s%s%s, BitchX will
segfault and coredump. This is a small programming error,


no its not.. its a fatal, and exploitable bug. and the rest of bitchx's code
doesn't look much better.. lets examine at the rest of parse.c,
just looking for completly similiar issues with logmsg:

parse.c:1033: warning: TESO: Insufficient Format arguments: logmsg(4/5).
parse.c:1100: warning: TESO: Insufficient Format arguments: logmsg(4/5).
parse.c:1033: logmsg(LOG_INVITE, from, 0, invite_channel);
parse.c:1100: logmsg(LOG_KILL, from, 0, ArgList[1]?ArgList[1]:"(No Reason)");

(when fixing code, fix the whole.. if thats too much work,
trash the code and start again.)

and umh.. my bugtraq post from months ago was refused, and i never got an
reply from the authors (bitchx mailinglist, that is):

BitchX privileged port dcc protection is susceptable to overflowing the
port argument (meaning: its ineffectual).

--
so much entropy, so little time
Previous By Date Next
Previous By Thread Next

Current thread: