[15672] in bugtraq
Re: BitchX exploit possibly waiting to happen, certain DoS
daemon@ATHENA.MIT.EDU (OutCasT)
Thu Jul 6 17:03:20 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.05.10007060011210.73818-100000@cuba.xs4all.nl>
Date: Thu, 6 Jul 2000 00:13:00 +0200
Reply-To: OutCasT <outcast@CUBA.XS4ALL.NL>
From: OutCasT <outcast@CUBA.XS4ALL.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
>A temporary solution is to switch to another client, like ircII, which is
>considered by many to be the more karmic client anyway.
This hasn't been proven, nor has it been proven or announced that ircII
or any other client which derived from it is vulnerable.
As I said on the Vuln-dev list, BitchX originally is a patched version of
irc.. ircII maybe. If BitchX is vulnerable, my guess is all other
equivalents (like ircII-EPIC) could be in trouble too.
As far as I can tell, nobody has looked into the other clients.
At the moment I have no time. Any volunteers?
I am aware of patches, but not aware of auditing being performed on BitchX's
brothers & sisters.
My advice: Telnet
Greetings,
Sacha Ligthert
outcast@root66