Unbelievable!
This time you'll have to downgrade instead of upgrade in order to patch the vulnerability!


-----BEGIN PGP SIGNED MESSAGE-----

Mon Feb 17 15:26:06 EST 2003

1. Topic:
BitchX IRC Client

2. Relevant versions:
Vulnerable:
BitchX-75p3
BitchX-1.0c16
BitchX-1.0c19
BitchX-1.0c20cvs
Not Vulnerable:
BitchX-1.0c18

3. Problem description:
A denial of service vulnerability exists in BitchX. Sending
a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault.
This problem was reported to panasync@efnet#bitchx on
Jan 30 2003. As of this writing, we are unaware of any patches
or workarounds provided by panasync and/or any members of
#bitchx.

4. Workaround:
Patch Included
Use epic, ircII

5. References:
http://www.bitchx.org
http://www.epicsol.org
http://www.ircii.org

6. Contact:
argv@hushmail.com
More details @
http://marc.theaimsgroup.com/?l=bugt...4352513997&w=2

Download Link for non-vulnerable version @ http://home.globalserve.de/owb/BitchX-1.0c18.tar.gz
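
Added example, not part of the advisory and not BitchX code: the advisory does not say which malformation of numeric 353 triggers the crash, so this sketch only shows the general defence, a parser that rejects any RPL_NAMREPLY with a missing or malformed parameter instead of passing a NULL field on. The RFC 2812 parameter layout, the names `parse_namreply` and `next_tok`, and the sample line are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Fields of a parsed 353 line; both point into the caller's buffer. */
struct namreply { const char *channel; const char *names; };

/* Next space-delimited parameter, or NULL when none is left. A parameter
 * starting with ':' is the trailing one and runs to the end of the line. */
static char *next_tok(char **cur)
{
    char *s = *cur, *e;
    if (s == NULL) return NULL;
    while (*s == ' ') s++;
    *cur = NULL;
    if (*s == '\0') return NULL;
    if (*s == ':') return s + 1;
    if ((e = strchr(s, ' ')) != NULL) { *e = '\0'; *cur = e + 1; }
    return s;
}

/* Parse "[:prefix] 353 <target> <=|*|@> <channel> :<names>" in place
 * (RFC 2812 layout, assumed here). Returns 0, or -1 if any parameter is
 * missing or malformed, so callers never dereference a missing field. */
int parse_namreply(char *line, struct namreply *out)
{
    char *cur = line, *tok;
    line[strcspn(line, "\r\n")] = '\0';
    if (*cur == ':' && (cur = strchr(cur, ' ')) == NULL) return -1;
    tok = next_tok(&cur);
    if (tok == NULL || strcmp(tok, "353") != 0) return -1;
    if (next_tok(&cur) == NULL) return -1;              /* target nick */
    tok = next_tok(&cur);                               /* channel type */
    if (tok == NULL || strlen(tok) != 1 || !strchr("=*@", tok[0])) return -1;
    tok = next_tok(&cur);                               /* channel name */
    if (tok == NULL || tok[0] == '\0' || !strchr("#&+!", tok[0])) return -1;
    out->channel = tok;
    tok = next_tok(&cur);                               /* nick list */
    if (tok == NULL || tok[0] == '\0') return -1;
    out->names = tok;
    return 0;
}

int main(void)
{
    char line[] = ":irc.example.net 353 me = #chan :@alice +bob carol\r\n"; /* constructed */
    struct namreply r;
    if (parse_namreply(line, &r) == 0) printf("%s: %s\n", r.channel, r.names);
    return 0;
}
```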