Re: Buffer overflow in BitchX-75p3 (Local)

[visi0n <visi0n () AUX-TECH NET>]

        There's no reason to leave BitchX suid, not leaving the topic off
of the message BitchX 1.0c18 has the same local bof found in BitchX 1.0c17
and prev , so "noc noc anybody home" ?
===============================================================================
visi0n
AUX Technologies
[www.aux-tech.net]

On Fri, 18 Feb 2000, Nelson Brito wrote:

> s1gnal_9 wrote:
> > Tested on Redhat 7.0
> >
> > A overflow occurs in the HOME environment.
> >
> > HOME=`perl -e '{print "A"x"3620"}'`
>
> A few years ago I found a overflow condition like that.
>
> Try to put in your own .ircrc:
> /nick blablabla
>
> And, then, execute BitchX. You'll see a Segmentatio Fault message.
>
> But, like you said:
> "This is not exploitable!
> Just a reminder to keep all your program like this one non-suid. I have believe
> it or not ran into admins that had BitchX suid...(yea I could'nt believe it
> either)."
>
> Sem mais,
> --
> Nelson Brito
> "Windows NT can also be protected from nmap OS detection scans thanks
> to *Nelson Brito* ..."
>               Trecho do livro "Hack Proofing your Network", p?gina 93