BitchX IRC客户端”/INVITE”格式字符串漏洞

漏洞信息详情

BitchX IRC客户端”/INVITE”格式字符串漏洞

• CNNVD编号：CNNVD-200007-004
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2000-0594
  
• 漏洞类型：
  
  
  格式化字符串
  
• 发布时间：
  
  2000-07-04
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-05
  
• 厂        商：
  
  mandrakesoft
• 漏洞来源：
  Posted to BugTraq …

BitchX IRC客户端不能正确净化不可信格式字符串，远程攻击者可以借助对名称中含特殊格式字符的信道的邀请来导致服务拒绝。

Use the supplied patches or upgrade to a patched version. See the advisories under the “Credit” tab for vendor-specific packages.
BitchX IRC Client 75p3

• Christopher Schulte bitchx75.patch
  
  http://www.securityfocus.com/data/vulnerabilities/paches/bitchx75.patc
  h

BitchX IRC Client 1.0 c16

• Chris Collins bitchx10-c16.patch
  
  http://www.securityfocus.com/data/vulnerabilities/patches/bitchx10-c16
  .patch

来源: XF
名称: irc-bitchx-invite-dos
链接:http://xforce.iss.net/static/4897.php

来源: BID
名称: 1436
链接:http://www.securityfocus.com/bid/1436

来源: REDHAT
名称: RHSA-2000:042
链接:http://www.redhat.com/support/errata/RHSA-2000-042.html

来源: CALDERA
名称: CSSA-2000-022.0
链接:http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt

来源: VULN-DEV
名称: 20000704 BitchX /ignore bug
链接:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html

来源: FREEBSD
名称: FreeBSD-SA-00:32
链接:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html

来源: BUGTRAQ
名称: 20000707 BitchX update
链接:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html

来源: BUGTRAQ
名称: 20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT – BitchX
链接:http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html

来源: BUGTRAQ
名称: 20000704 BitchX exploit possibly waiting to happen, certain DoS
链接:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html