[6825] in bugtraq
ircii-pana (BitchX) 74p4 overflow
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Tue May 26 17:09:33 1998
Date: Mon, 25 May 1998 11:25:02 +0200
Reply-To: Michal Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
From: Michal Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
To: BUGTRAQ@NETSPACE.ORG
Recently I found interesting overflow in dgets(...) function in one of the
most popular irc clients, BitchX 74p4 (by panasync). You can cause remote
client crash (and possibly much more) when you're fingered (/finger
built-in command) by victim - simply create eg. .plan with line longer
than 2 kbytes. Depending on used line (ln /dev/urandom ~/.plan is nice),
client will crash with SEGV immediately or during any next '/' command...
Dumb, isn't it? For test purposes, /finger lcamtuf@shadow.mud.pl
_______________________________________________________________________
Michal Zalewski [lcamtuf@boss.staszic.waw.pl] <= finger for pub PGP key
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
[echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]
