> Hello vuln-dev,
>
> I don't know if this is a widely known thing, but recently I.. um...
> discovered a segmentation fault bug in every BitchX irc client I've
> encountered.

There are LOTS of segfaults in BitchX. I've reported 4-5 to the developers
during the last month, but fixes seem to be slow.

> The problem occurs when you try to change your nick during a connection
> to the server. If you do it before the server registers your nick,
> BitchX drops with a segfault.

That's a new one for me. I've had several though related to code like this:

    memset(somestring, 0, strlen(somestring)-1)

There are 4-5 occurrences of these if you grep for it in the source, and
only one of these actually checks for a 0-length string.

Also, the FE builtin scripting function is broken, it will consistently
SEGV if passed:

    something "" something

None of the popular BitchX scripts seem to be remotely exploitable because
of this, although I didn't research too much.

--
Erik Sperling Johansen
This archive was generated by hypermail 2b30 : Fri Dec 28 2001 - 09:14:43 PST