[MBT] new ticket for pkg ircii "Denial of service and possible execution of arbitary code"
bugs at pld.org.pl
bugs at pld.org.pl
Wed May 14 17:31:49 CEST 2003
Date: 2003-05-14 17:31:47+02 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Denial of service and possible execution of arbitary code
Ticket ID: #660
Ticket URL: http://bugs.pld.org.pl/?bug=660
Package: ircii-1:4.4Z-3
Distribution: PLD-1.0.main
Category: security problem
Current state: opened
Text:
>From DSA 291-1:
Timo Sirainen discovered several problems in ircII, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to executing of arbitrary code under the user id of the chatting user.
More information about the pld-bugs
mailing list