[10334] in bugtraq
Bug in Services for IRC Networks 4.2.2
daemon@ATHENA.MIT.EDU (Andy Church)
Fri Apr 23 13:23:51 1999
Message-Id: <371fe0b7.14226@crystal.dragonfire.net>
Date: Thu, 22 Apr 1999 22:53:42 EDT
Reply-To: Andy Church <achurch@DRAGONFIRE.NET>
From: Andy Church <achurch@DRAGONFIRE.NET>
To: BUGTRAQ@NETSPACE.ORG
A bug has been found in versions through 4.2.2 of Services for IRC
Networks which allows any IRC user to crash the program. The channel
service's SET SUCCESSOR command does not properly handle the case of no
parameters, and generates a segmentation fault attempting to access
address zero. This bug is believed to be present in all versions since
the SET SUCCESSOR command was introduced (in version 4.1.0).
A new version, 4.2.3, has been released which fixes this bug. Users
of prior versions of Services should upgrade immediately.
Services updates are always announced on the Services mailing list;
see http://achurch.dragonfire.net/services/about.html for information on
subscribing to the list.
--Andy Church
achurch@dragonfire.net
http://achurch.dragonfire.net/
