Recently I found interesting overflow in dgets(...) function in one of the most popular irc clients, BitchX 74p4 (by panasync). You can cause remote client crash (and possibly much more) when you're fingered (/finger built-in command) by victim - simply create eg. .plan with line longer than 2 kbytes. Depending on used line (ln /dev/urandom ~/.plan is nice), client will crash with SEGV immediately or during any next '/' command... Dumb, isn't it? For test purposes, /finger lcamtufat_private _______________________________________________________________________ Michal Zalewski [lcamtufat_private] <= finger for pub PGP key Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch] [echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:54:25 PDT