[security/STBR?] BitchX

Michał J. Podyma misiek at r-h.pl
Sat, 15 Mar 2003, 20:18:46 CET


hi!

can someone send BitchX from HEAD to the builders?

bug (bugtraq):

<snip>
From: Timo Sirainen <tss at iki.fi>
To: bugtraq at securityfocus.com
Subject: Buffer overflows in ircII-based clients
Date: 14 Mar 2003 00:17:55 +0200

...


Let's state this clearly first: Regular USERS CANNOT EXPLOIT these bugs.
This means that these clients are safe when they're connected to
standard IRC servers. Connecting to special servers can cause problems
though. So it requires the user to type /SERVER evil.server.org to exploit
these bugs. I don't think it's too difficult with a bit of social
engineering though.

Of course, a man-in-the-middle can also exploit these.

There may be more problems than what I list below. ircII wasn't
originally written to be safe against malicious servers, so there's a
lot of code that needed fixing. My audit was only a quick look at the
clients, you may well find more.

...

BitchX 1.0c19
-------------

Full of sprintf() calls and relying on BIG_BUFFER_SIZE being large
enough. There are multiple ways to exploit it by giving
near-BIG_BUFFER_SIZE strings in various places.

...
</snip>

-- 
Michał J. Podyma <michalp at r-h.pl> <michalp at cna.us.edu.pl>
SySadmin @ R - H . PL    [ http://f.com.pl ]
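
The sprintf() pattern the quoted advisory describes, next to a bounded counterpart, as an added example (not code from BitchX or from the advisory). The value of BIG_BUFFER_SIZE, the format string and both function names are assumptions made for illustration; the point is that a field shorter than the buffer still produces a formatted line longer than it.

```c
#include <stdio.h>
#include <string.h>

/* Assumed value for this example; the post does not state the real one. */
#define BIG_BUFFER_SIZE 2048
/* Hypothetical status-line format, not taken from the client's source. */
#define TOPIC_FMT "*** %s has changed the topic on %s to %s"

/* Bytes (excluding the NUL) that an unbounded sprintf() would write. */
static int formatted_length(const char *nick, const char *chan, const char *text)
{
    return snprintf(NULL, 0, TOPIC_FMT, nick, chan, text);
}

/* Bounded replacement: returns 0 on success, -1 if the line does not fit.
 * On failure the output is emptied rather than left silently truncated. */
static int format_server_line(char *out, size_t outsz,
                              const char *nick, const char *chan, const char *text)
{
    int n = snprintf(out, outsz, TOPIC_FMT, nick, chan, text);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char out[BIG_BUFFER_SIZE];
    char text[BIG_BUFFER_SIZE];          /* constructed sample input */

    memset(text, 'A', sizeof text - 1);  /* one byte short of the limit */
    text[sizeof text - 1] = '\0';

    printf("field length: %zu, formatted length: %d, buffer: %d\n",
           strlen(text), formatted_length("nick", "#chan", text), BIG_BUFFER_SIZE);
    printf("bounded call returned %d\n",
           format_server_line(out, sizeof out, "nick", "#chan", text));
    return 0;
}
```

Checking the return value of snprintf() matters as much as the size argument: a line that is truncated without notice can still be misparsed by later code.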


