|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: remote crash BitchX 1.0c16
From: Antonomasia (ant
NOTATLA.DEMON.CO.UK)Date: Wed Jul 05 2000 - 15:21:07 CDT
- Next message: Daniel Jacobowitz: "Re: proftp advisory"
- Previous message: Max Vision: "Re: proftp advisory"
- Maybe in reply to: Colten Edwards: "remote crash BitchX 1.0c16"
- Maybe reply: Antonomasia: "Re: remote crash BitchX 1.0c16"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Colten Edwards <edwards bitchx.dimension6.com>:
> There's a small bug in the latest BitchX in which a nasty user can invite
> you to a channel with a %s in it...
> This is a classic case of printf(variable); where variable contains
> formatting chars.
For a crude Perl scanner for these bugs you could try
http://www.notatla.demon.co.uk/SOFTWARE/SCANNER/argcount.plx
which arose out of discussion on the linux security audit list.
-- ############################################################## # Antonomasia ant
- Next message: Daniel Jacobowitz: "Re: proftp advisory"
- Previous message: Max Vision: "Re: proftp advisory"
- Maybe in reply to: Colten Edwards: "remote crash BitchX 1.0c16"
- Maybe reply: Antonomasia: "Re: remote crash BitchX 1.0c16"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]