Subject: Re: BitchX /ignore bug
From: Ron DuFresne (dufresne WINTERNET.COM)
Date: Wed Jul 05 2000 - 05:44:05 CDT
If I read this correctly, this is not an attack per se, but a self
annihilation, is it not? And while a bug, not something one can use to
take others offline or server; please correct me if I read this wrong.
Thanks,
Ron DuFresne
On Tue, 4 Jul 2000, Blue Boar wrote:
> Rick Jansen wrote:
> >
> > I don't know whether this is the right place to put it, but I'm going to
> > anyway :)
>
> Yup, and probably Bugtraq, too.
>
> >
> > Because of a simple /invite nickname #%s%s%s%s%s%s%s%s%s, BitchX will
> > segfault and coredump. This is a small programming error, you can find a
> > patch at this location:
> > http://root66.org/karin/BitchX-bug-patch-3-juli-2000.tar.gz by Frank van
> > Vliet, alias {}.
>
> The subject: line says /ignore, I assume this problem only occurs
> with /invite? (I don't use IRC much. /ignore wouldn't send
> anything to the ignored party, would it?)
>
> As a general question for vuln-dev:
>
> I've seen a number of these print string vulnerabilities pop up
> lately. I gather that the programmer writes their printf or equiv
> wrong, and these attacks are getting interpreted as formatting strings
> somehow.
>
> Can someone explain to me what goes on on a stack level? Are these
> exploitable (pushing code) instead of just crashing?
>
> BB
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
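
Added example, not part of the original post and not BitchX source: the class of bug discussed in this thread (text from the network reaching a printf-style call as the format argument) next to the corrected form. The function names and the "invites you to" message text are hypothetical.

```c
/* Hypothetical sketch; not BitchX code. All names here are made up. */
#include <stdio.h>
#include <string.h>

/* VULNERABLE pattern, kept as a comment so it is never compiled or run:
 *
 *     snprintf(out, outsz, channel);    // remote text used as the format
 *
 * With a channel such as "#%s%s%s", every %s makes printf fetch a char*
 * argument that was never passed and dereference whatever value it finds,
 * which is why the client segfaults.
 */

/* Count the conversions printf would act on ("%%" is a literal percent). */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* escaped percent, skip the pair */
        else
            n++;            /* printf would consume an argument here */
    }
    return n;
}

/* HARDENED: the format is a constant; remote text is only ever an argument. */
int format_invite(char *out, size_t outsz, const char *nick, const char *channel)
{
    int n = snprintf(out, outsz, "%s invites you to %s", nick, channel);
    return (n >= 0 && (size_t)n < outsz) ? 0 : -1;   /* -1: error or truncated */
}

int main(void)
{
    const char *channel = "#%s%s%s%s%s%s%s%s%s";   /* channel from the report */
    char line[128];

    if (format_invite(line, sizeof line, "nickname", channel) == 0)
        printf("%s\n", line);                       /* printed literally */
    printf("arguments printf would have fetched: %d\n", count_directives(channel));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags calls where the format argument is not a string literal.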