[7386] in bugtraq
espernet irc services
daemon@ATHENA.MIT.EDU (McClain Looney)
Sun Jul 26 14:21:55 1998
Date: Fri, 24 Jul 1998 19:05:35 -0500
Reply-To: McClain Looney <mcclain@STOMPED.COM>
From: McClain Looney <mcclain@STOMPED.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980723225317.27018A-100000@shellz.netrevolution.com>
I didn't think anyone cared about irc, but seeing the mIRC posts on this
list, here goes:
Espernet irc services below version 3.3.5 are vulnerable to a bug in the
add/remove code for chanserv which causes a segmentation fault in the
server. The bug is not widely known or exploited (as far as i can tell),
but innocent users will likely crash any services daemon repeatedly, and at
random, (hey, this command didn't work, lets try it again, and again, and
again...etc). The bug manifests itself after an ordered series of
add/remove commands to chanserv (i won't get into what they are, but it's
definitely reproducible).
The latest version (3.3.6)of espernet services is at
ftp://ftp.dragonfire.net/software/unix/irc/services
-Citizen_D
irc.stomped.com
