FreeBSD : irc/bitchx -- multiple vulnerabilities (0a799a8e-c9d4-11e2-a424-14dae938ec40)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

bannedit reports :

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC
servers to execute arbitrary code via a long string in a MODE command,
related to the p_mode variable.

Nico Golde reports :

There is a security issue in ircii-pana in bitchx' hostname command.
The e_hostname function (commands.c) uses tmpnam to create a temporary
file which is known to be insecure.

Chris reports :

Chris has reported a vulnerability in the Cypress script for BitchX,
which can be exploited by malicious people to disclose potentially
sensitive information or to compromise a vulnerable system.

The vulnerability is caused due to malicious code being present in the
modules/mdop.m file. This can be exploited to disclose the content of
various system files or to execute arbitrary shell commands.

Successful exploitation allows execution of arbitrary code, but
requires the control of the 'lsyn.webhop.net' domain.

See also :

http://www.nessus.org/u?2fdfc9b4

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 66734 ()

Bugtraq ID:

CVE ID: CVE-2007-4584
CVE-2007-5839
CVE-2007-5922

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now