[18045] in bugtraq
CSSA-2000-044 irc-bx buffer overflow
daemon@ATHENA.MIT.EDU (Caldera Support Info)
Tue Dec 12 20:04:45 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Message-Id: <20001211150127.A21225@locutus4.calderasystems.com>
Date: Mon, 11 Dec 2000 15:01:28 -0700
Reply-To: Caldera Support Info <sup-info@LOCUTUS4.CALDERASYSTEMS.COM>
From: Caldera Support Info <sup-info@LOCUTUS4.CALDERASYSTEMS.COM>
X-To: announce@lists.calderasystems.com, linux-security@redhat.com,
linuxlist@securityportal.com
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: irc-bx buffer overflow
Advisory number: CSSA-2000-044.0
Issue date: 2000 December, 11
Cross reference:
______________________________________________________________________________
1. Problem Description
There is a bug in the BitchX IRC client shipped with OpenLinux
which allows an attacker in control of his reverse DNS mapping
to crash or even remotely access a BitchX session.
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux Desktop 2.3 All packages previous to
irc-BX-1.0c17-2
OpenLinux eServer 2.3 All packages previous to
and OpenLinux eBuilder irc-BX-1.0c17-2
OpenLinux eDesktop 2.4 All packages previous to
irc-BX-1.0c17-2
3. Solution
Workaround:
none
The proper solution is to upgrade to the fixed packages
4. OpenLinux Desktop 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
181880ff4a1d84ea279b2cb2488df272 RPMS/irc-BX-1.0c17-2.i386.rpm
811f13b66a7ecf4213f3b45a151cdb46 SRPMS/irc-BX-1.0c17-2.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv irc-BX-1.0c17-2.i386.rpm
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
5af28569fea636b70d849b18197884d0 RPMS/irc-BX-1.0c17-2.i386.rpm
811f13b66a7ecf4213f3b45a151cdb46 SRPMS/irc-BX-1.0c17-2.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Uhv irc-BX-1.0c17-2.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
f68ff737cbee8e7c1f4015c9df089abb RPMS/irc-BX-1.0c17-2.i386.rpm
811f13b66a7ecf4213f3b45a151cdb46 SRPMS/irc-BX-1.0c17-2.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Uhv irc-BX-1.0c17-2.i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 8515.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6NO2t18sy83A/qfwRAs6GAJ4iDnofKuVgJl7MO8GjbJAjA0Kb+gCgrOxs
PlygnuzSlUMsEb/smZrCV/U=
=+9eB
-----END PGP SIGNATURE-----
