[15677] in bugtraq
Re: BitchX exploit possibly waiting to happen, certain DoS
daemon@ATHENA.MIT.EDU (Spikeman)
Fri Jul 7 15:34:28 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3965035C.7642E547@myself.com>
Date: Thu, 6 Jul 2000 17:08:28 -0500
Reply-To: Spikeman <spikeman@MYSELF.COM>
From: Spikeman <spikeman@MYSELF.COM>
X-To: OutCasT <outcast@CUBA.XS4ALL.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
EPIC4pre2.500 == safe
Blackened 1.7.1 == safe
ircII 4.4 :ircii 2.9: AT&T you will (ojnk!) == safe
ircII 4.4J+ScrollZ v1.8i6/Public (27.1.2000)+Cdcc v1.8+OperMods v1.0 = safe
OutCasT wrote:
> >A temporary solution is to switch to another client, like ircII, which is
> >considered by many to be the more karmic client anyway.
> This hasn't been proven, nor has it been proven or announced that ircII
> or any other client which derived from it is vulnerable.
>
> As I said in the Vuln-dev list. BitchX originally is a patched version of
> irc.. ircII maybe. If BitchX is vulnerable. My guess is all other
> equivalents (like ircII-EPIC) could be in trouble too.
>
> As far as I can tell, nobody has looked into the other clients.
> At the moment I have no time. Any volunteers?
> I am aware of patches. But not aware of auditing being performed on BitchX
> his/her brothers & sisters.
>
> My advice: Telnet
>
> Greetings,
> Sacha Ligthert
>
> outcast@root66
--
___
/\ \ phase two of global domination in operation, hide all lions.
/::\ \
/:/\:\ \ Comments or Questions email spikeman@myself.com
_\:\~\:\ \
/\ \:\ \:\__\ Spikeman spikeman@myself.com
\:\ \:\ \/__/ http://www.spikeman.net
\:\ \:\__\ Find Me On EFNET /whois Spikeman
\:\/:/ /
\::/ / Friends are lights in winter;
\/__/ The older the friend, the brighter the light.