[19484] in bugtraq


Re: Remote buffer overflow,

daemon@ATHENA.MIT.EDU (Piotr Kucharski)
Mon Mar 5 17:26:36 2001

Mail-Followup-To: Piotr Kucharski <chopin@sgh.waw.pl>,
                  BUGTRAQ@SECURITYFOCUS.COM, kl@snafu.de, ircd-users@irc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID:  <20010305223528.V16466@sgh.waw.pl>
Date:         Mon, 5 Mar 2001 22:35:28 +0100
Reply-To: Piotr Kucharski <chopin@SGH.WAW.PL>
From: Piotr Kucharski <chopin@SGH.WAW.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <3AA3C995.1B71DDFD@starzetz.de>; from paul@STARZETZ.DE on Mon,
              Mar 05, 2001 at 06:15:01PM +0100

On Mon, Mar 05, 2001 at 06:15:01PM +0100, Paul Starzetz wrote:
> There are 3 major bugs in the current IRCd distribution (as used on the
> IRCnet for example).

First of all I want to emphasize that it is NOT the current IRCnet IRCD that
is vulnerable. All files in the contrib/ directory are not part of the IRCD
daemon; they are related to it.

> a) remote exploitable buffer overflow while querying tklines
> b) memory leak due to strdup'ing a string and not freeing the mem

These are so easy to fix that including a diff would be an offence to every
bugtraq reader. Of course the next version of IRCnet ircd will include a fixed
tkserv.

> c) format string bug while reading the ircd's config file

Btw, that one was fixed Aug, 2000 by Marc Roger. Unfortunately, we haven't
released yet since then ;)

> 3. Solution
> See discussion. Do not request opered access to your tkserv.
> Update as soon as possible.

And please, next time give authors some time to fix things before
blowing up fireworks.

p.

/ircnet ircd maint./
