Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Slackware SSA:2003-141-02: BitchX integer and buffer overflow

Slackware SSA:2003-141-02: BitchX integer and buffer overflow

by Nikola Strahija on May 22nd, 2003 It has been reported that BitchX IRC client contains integer and buffer overflow vulnerabilities which, if exploited, could allow a malicious IRC server to crash BitchX or run arbitrary code.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] BitchX security fixes (SSA:2003-141-02)

New BitchX packages are available to fix security problems found
by Timo Sirainen. BitchX is an IRC (Internet Relay Chat) client.
Under certain circumstances, a malicious IRC server could cause
BitchX to crash, or possibly to run arbitrary code as the user
running BitchX.

All sites running BitchX are advised to upgrade.

More information on the problem can be found here:

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Tue May 20 20:13:09 PDT 2003
patches/packages/bitchx-1.0c19-i386-3.tgz: Patched several potential "evil
server" security problems noted by Timo Sirainen.
(* Security fix *)
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bitchx-1.0c19-i386-3.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bitchx-1.0c19-i386-3.tgz



MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
ed9affc29424472b5f442e6182be92ec bitchx-1.0c19-i386-3.tgz

Slackware 9.0 package:
2e2158987c031115a4b1d5cc9741e033 bitchx-1.0c19-i386-3.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade using upgradepkg (as root):

upgradepkg bitchx-1.0c19-i386-3.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
[email protected]

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to [email protected] with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+zBCIakRjwEAQIjMRAgr2AJ4uNFByraDXfb52+mWX1t5qfWSCzgCfbIvn
F/XK/kfW59EyzszITurEkgU=
=1LcU
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »