[15654] in bugtraq
Re: BitchX - more on format bugs?
daemon@ATHENA.MIT.EDU (Christopher Schulte)
Thu Jul 6 13:29:57 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id: <4.3.2.7.0.20000705151404.00c503f0@pop.schulte.org>
Date: Wed, 5 Jul 2000 15:16:47 -0500
Reply-To: Christopher Schulte <christopher@SCHULTE.ORG>
From: Christopher Schulte <christopher@SCHULTE.ORG>
X-To: "Forever shall I be." <zinx@LINUXFREAK.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0007031026250.437-200000@bliss.penguinpowered.com>
At 10:34 AM 7/3/00 -0500, Forever shall I be. wrote:
>Well, I've not seen this posted to bugtraq yet, so here goes... BitchX has
>fallen victim to the infamous format bug... All unpatched versions of
>BitchX are apparently vulnerable (patch follows)..
There is also a patch for BitchX-75p3:

Instructions:

    cd BitchX/source
    patch < /path/to/75p3-format.patch

It should apply cleanly. Then recompile bx and restart your client.

--- parse.c.orig Fri Feb 26 11:01:55 1999
+++ parse.c Mon Jul 3 05:17:14 2000
@@ -1030,7 +1030,7 @@
bitchsay("Press Ctrl-K to join %s (%s)",
invite_channel, ArgList[2]);
else
bitchsay("Press Ctrl-K to join %s",
invite_channel);
- logmsg(LOG_INVITE, from, 0, invite_channel);
+ logmsg(LOG_INVITE, from, 0, "%s", invite_channel);
}
if (!(chan = lookup_channel(invite_channel, from_server, 0)))
if ((w_chan =
check_whowas_chan_buffer(invite_channel, 0)))
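
Review bot: The fix at the logmsg(LOG_INVITE, ...) call is correct, but it only covers this one call site, and nothing in the hunk stops the same mistake at other logmsg callers. Before the change, invite_channel sat in the format position of a printf-style function, so any % directives in the channel name were interpreted rather than logged. Suggest also declaring logmsg with a printf-style format attribute, for example GCC's __attribute__((format(printf, 4, 5))), assuming the format string is the fourth parameter as these calls indicate. Building with -Wformat -Wformat-security then flags any remaining call that passes a non-literal string as the format.
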
@@ -1097,7 +1097,7 @@
fudge_nickname(from_server);
if (get_int_var(AUTO_RECONNECT_VAR))
servercmd (NULL, sc, empty_string, NULL);
- logmsg(LOG_KILL, from, 0, ArgList[1]?ArgList[1]:"(No Reason)");
+ logmsg(LOG_KILL, from, 0, "%s", ArgList[1]?ArgList[1]:"(No
Reason)");
}
update_all_status(current_window, NULL, 0);
}
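
Review bot: The added logmsg(LOG_KILL, ...) line is wrapped across two lines as mailed, which splits the string literal "(No Reason)" and leaves the hunk with one more line than its @@ -1097,7 +1097,7 @@ header declares. This hunk is therefore likely to be rejected by patch, or to fail to compile if applied by hand. The + line should be rejoined into a single line before use: logmsg(LOG_KILL, from, 0, "%s", ArgList[1]?ArgList[1]:"(No Reason)"); The "%s" itself is the right change, since ArgList[1] is the kill reason text and was previously used directly as the format string.
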
>--
>Zinx Verituse <zinx@linuxfreak.com>
>gpg (id 921B1558) (fp 5746 73A1 2184 A27A 9EC0 EDCC E132 BCEF 921B 1558)
--
Christopher Schulte | christopher@schulte.org
cell:612.986.4859 | home:651.225.4557 | fax: 651.315.3339
page:612.264.1115 | free:877.271.9245 | site: schulte.org
COMING SOON http://SchulteConsulting.COM/
reliable computer consulting at a fair price.