BitchX vulnerability !

unbelievable!
this time you ll have to downgrade instead of upgrade in order to patch the vulnerability!

Quote:

---

-----BEGIN PGP SIGNED MESSAGE-----

Mon Feb 17 15:26:06 EST 2003

1. Topic:
BitchX IRC Client

2. Relevant versions:
Vulnerable:
BitchX-75p3
BitchX-1.0c16
BitchX-1.0c19
BitchX-1.0c20cvs
Not Vulnerable:
BitchX-1.0c18

3. Problem description:
A denial of service vulnerability exists in BitchX. Sending
a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault.
This problem was reported to panasync@efnet#bitchx on
Jan 30 2003, as of this writing we are unaware of any patches
or workarounds provided by panasync and or any members of
#bitchx

4. Workaround:
Patch Included
Use epic, ircII

5. References:
http://www.bitchx.org
http://www.epicsol.org
http://www.ircii.org

6. Contact:
argv@hushmail.com

---

more Details @
http://marc.theaimsgroup.com/?l=bugt...4352513997&w=2

Download Link for non-vulnerable version @ http://home.globalserve.de/owb/BitchX-1.0c18.tar.gz