BlueBoarTHIEVCO.COM

• Next message: Guilherme Mesquita: "RES: Maximum Linux Security (d/l)"
• Previous message: Rick Jansen: "BitchX /ignore bug"
• In reply to: Rick Jansen: "BitchX /ignore bug"
• Next in thread: Ron DuFresne: "Re: BitchX /ignore bug"
• Next in thread: Firstname Lastname: "Re: BitchX /ignore bug"
• Reply: Blue Boar: "Re: BitchX /ignore bug"
• Reply: Ron DuFresne: "Re: BitchX /ignore bug"
• Reply: Ryan Yagatich: "Re: BitchX /ignore bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rick Jansen wrote:
>
> I don't know whether this is the right place to put it, but i'm going to
> anyway :)

Yup, and probably Bugtraq, too.

>
> Because of a simple /invite nickname #%s%s%s%s%s%s%s%s%s, BitchX will
> segfault and coredump. This is a small programming error, you can find a
> patch at this location:
> http://root66.org/karin/BitchX-bug-patch-3-juli-2000.tar.gz by Frank van
> Vliet, alias {}.

The subject: line says /ignore, I assume this problem only occurs
with /invite? (I don't use IRC much. /ignore wouldn't send
anything to the ignored party, would it?)

As a general question for vuln-dev:

I've seen a number of these print string vulnerabilities pop up
lately. I gather that the programmer writes their printf or equiv
wrong, and these attacks are getting interpreted as formatting strings
somehow.

Can someone explain to me what goes on on a stack level? Are these
exploitable (pushing code) instead of just crashing?

                                        BB

• Next message: Guilherme Mesquita: "RES: Maximum Linux Security (d/l)"
• Previous message: Rick Jansen: "BitchX /ignore bug"
• In reply to: Rick Jansen: "BitchX /ignore bug"
• Next in thread: Ron DuFresne: "Re: BitchX /ignore bug"
• Next in thread: Firstname Lastname: "Re: BitchX /ignore bug"
• Reply: Blue Boar: "Re: BitchX /ignore bug"
• Reply: Ron DuFresne: "Re: BitchX /ignore bug"
• Reply: Ryan Yagatich: "Re: BitchX /ignore bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]