Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BitchX /ignore bug

From: dufresne () WINTERNET COM (Ron DuFresne)
Date: Thu, 6 Jul 2000 03:43:34 -0500

On Wed, 5 Jul 2000, Thomas Dullien wrote:


At 05:44 AM 7/5/2000 -0500, you wrote:


If I read this correctly, this is not an attack perse, but a self
annihilation is it not?  and while a bug, not something one can use to
take others ofline or server, please correct me if I read this wrong.


Erm...the user you invited will die. And yes, this can be remotely exploited
to run arbitrary code I guess, too... (depends on whether you can get
backslashes into channel names...)



seems at least efnet servers allow the required backslashes:

*** Users on #test/one: @^smoke

*** Users on #/test/one: @^smoke

Tis a nasty little mess fer sure,

Thanks,

Ron DuFresne

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
Previous By Date Next
Previous By Thread Next

Current thread: