|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Piotr Kucharski (chopin
SGH.WAW.PL)Date: Mon Mar 05 2001 - 15:35:28 CST
On Mon, Mar 05, 2001 at 06:15:01PM +0100, Paul Starzetz wrote:
> There are 3 major bugs in the current IRCd distribution (as used on the
> IRCnet for example).
First of all I want to emphasize that this is NOT current IRCnet IRCD, that
is vulnerable. All files in contrib/ directory are not part of IRCD daemon,
they are related to it.
> a) remote exploitable buffer overflow while querying tklines
> b) memory leck due to strdup'ing a string and not freeing the mem
These are so easy to fix that including diff would be an offence to every
bugtraq reader. Of course next version of IRCnet ircd will include fixed
tkserv.
> c) format string bug while reading the ircd's config file
Btw, that one was fixed Aug, 2000 by Marc Roger. Unfortunately, we haven't
released yet since then ;)
> 3. Solution
> See discussion. Do not request opered access to your tkserv.
> Update as soon as possible.
And please, next time give authors some time to fix things before
blowing up fireworks.
p.
/ircnet ircd maint./
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]