Vulnerabilities > CVE-2003-0321 - Remote Cluster() Heap Corruption vulnerability in BitchX
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-306.NASL |
description | Timo Sirainen discovered several problems in BitchX, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries or allocate a negative amount of memory. This could lead to a denial of service if the client only crashes, but may also lead to executing of arbitrary code under the user id of the chatting user. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15143 |
published | 2004-09-29 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15143 |
title | Debian DSA-306-1 : ircii-pana - buffer overflows, integer overflow |
code |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655
- http://marc.info/?l=bugtraq&m=104766521328322&w=2
- http://marc.info/?l=bugtraq&m=104852615211913&w=2
- http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
- http://www.debian.org/security/2003/dsa-306
- http://www.securityfocus.com/bid/7096
- http://www.securityfocus.com/bid/7097
- http://www.securityfocus.com/bid/7099
- http://www.securityfocus.com/bid/7100