Date:      Sun, 11 Jun 2000 01:13:16 +0200
From:      Marc Silver <marcs@draenor.org>
To:        Tyler Spivey <tyler@wapvi.bc.ca>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: ircii
Message-ID:  <20000611011316.N81376@draenor.org>
In-Reply-To: <Pine.LNX.4.10.10006101342590.17513-100000@viper.wapvi.bc.ca>; from tyler@wapvi.bc.ca on Sat, Jun 10, 2000 at 01:43:15PM -0700
References:  <20000610180935.L81376@draenor.org> <Pine.LNX.4.10.10006101342590.17513-100000@viper.wapvi.bc.ca>

Hey there,

Dug this up...

-----Original Message-----
From: bugzilla@REDHAT.COM [mailto:bugzilla@REDHAT.COM]
Sent: Thursday, March 30, 2000 6:41 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [RHSA-2000:008-01] ircii buffer overflow


---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          ircii buffer overflow
Advisory ID:       RHSA-2000:008-01
Issue date:        2000-03-29
Updated on:        2000-03-29
Product:           Red Hat Linux
Keywords:          N/A
Cross references:  ircii 4.4M buffer dcc
---------------------------------------------------------------------

1. Topic:

A buffer overflow exists in ircii,

2. Relevant releases/architectures:

Red Hat Linux 4.2 - i386 alpha sparc
Red Hat Linux 5.2 - i386 alpha sparc
Red Hat Linux 6.0 - i386 alpha sparc
Red Hat Linux 6.1 - i386 alpha sparc
Red Hat Linux 6.2 - i386 sparc


3. Problem description:

A buffer overflow exists in ircii's dcc chat capability.
An attacker could use this overflow to execute code
as the user of ircii.

It is recommended that users of ircii update to the
fixed packages:

Compatibility note: ircii's library directory has
moved from /usr/lib/irc to /usr/share/irc.

[snip]

10. References:

http://www.securityfocus.com/vdb/bottom.html?vid=1046

Cheers,
Marc

On Sat, Jun 10, 2000 at 01:43:15PM -0700, Tyler Spivey wrote:
> What do you mean, buffer overflow? I want to know. And what's the internal
> ver of 4.4u

