Date: Sun, 29 Oct 2000 10:04:16 +0100
From: Carl Johan Madestrand <cj@vallcom.net>
To: Kris Kennaway <kris@citusc.usc.edu>
Cc: ports@freebsd.org
Subject: Re: BitchX IRC client exploit
Message-ID: <20001029100416.A186@214.norrgarden.se>
In-Reply-To: <20001028190915.A86861@citusc17.usc.edu>; from kris@citusc.usc.edu on Sat, Oct 28, 2000 at 07:09:15PM -0700
References: <20001028134504.A16785@214.norrgarden.se> <20001028190915.A86861@citusc17.usc.edu>

On Sat, Oct 28, 2000 at 07:09:15PM -0700, Kris Kennaway wrote:
> On Sat, Oct 28, 2000 at 01:45:04PM +0200, Carl Johan Madestrand wrote:
> > Yesterday it came to my notice that there is a hole in the current version of
> > BitchX 1.0c17 and possibly older versions as well which I cannot confirm.
> > A remote exploit which allows the intruder to control the user's client in the
> > form of sending any kind of text message to the user's client including fake
> > public messages. Hence making it appear as if that public message comes from
> > the given nickname.
>
> Please provide information about how to replicate the problem.
>
> Kris
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ports" in the body of the message
>

Well, as it turns out this is in fact an old issue with pretty much all ANSI IRC
clients, not only in BitchX. Also it seems to affect only certain types of
terminals. So far I've seen it work under xterm and gnome term. I've been told
it works under screen as well. SecureCRT also seems to be vulnerable.

/eval msg #channel $chr(133)$chr(141) <lamer> im lame
/eval msg nick $chr(133)$chr(141) <lamer> im lame

...and some other variations.

-- 
Carl Johan Madestrand <cj@vallcom.net>
LoRd_CJ on IRC
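
Added example, not part of the original message and not BitchX code: a display-side filter for the two bytes used in the commands above. chr(133) and chr(141) are 0x85 and 0x8D, which lie in the 8-bit C1 control range (0x80-0x9F) that some terminals act on instead of drawing; the function names and the single-byte charset are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Bytes a terminal may act on instead of drawing: C0 controls (0x00-0x1F),
 * DEL (0x7F) and 8-bit C1 controls (0x80-0x9F).
 * Assumption: text is a single-byte charset such as ISO-8859-1. For UTF-8,
 * decode first and test code points U+0080..U+009F, because raw bytes
 * 0x80-0x9F are legitimate continuation bytes there. */
static int is_terminal_control(unsigned char c)
{
    return c < 0x20 || c == 0x7F || (c >= 0x80 && c <= 0x9F);
}

/* Copy msg into out, rewriting every control byte as visible "\xNN" text.
 * Returns the number of bytes escaped (non-zero is worth logging as a
 * possible spoofing attempt), or -1 if out is too small. */
int sanitize_for_display(const unsigned char *msg, size_t len,
                         char *out, size_t outsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    int escaped = 0;

    for (size_t i = 0; i < len; i++) {
        size_t need = is_terminal_control(msg[i]) ? 4 : 1;
        if (o + need >= outsz)          /* keep room for the trailing NUL */
            return -1;
        if (need == 4) {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[msg[i] >> 4];
            out[o++] = hex[msg[i] & 0x0F];
            escaped++;
        } else {
            out[o++] = (char)msg[i];
        }
    }
    if (o >= outsz)
        return -1;
    out[o] = '\0';
    return escaped;
}

int main(void)
{
    /* Constructed input: the message text from the commands above, as bytes. */
    const unsigned char msg[] = "\x85\x8D <lamer> im lame";
    char shown[128];
    int n = sanitize_for_display(msg, sizeof msg - 1, shown, sizeof shown);
    printf("escaped=%d text=%s\n", n, shown);
    return 0;
}
```

A client that uses its own in-band formatting bytes would need to exempt those before calling the filter; this example escapes every control byte.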