BitchX Trojaned Distribution Authentication Bypass

High Nessus Network Monitor Plugin ID 1859

Synopsis

The remote host is vulnerable to a flaw which allows for the bypassing of authentication.

Description

The remote host is running the BitchX IRC client that may contain a backdoor. BitchX, if downloaded between 12-Apr-2003 and 13-Apr-2003, could cause a backdoor to be installed on the victim's computer. One of the FTP sites that was linked from the BitchX website was a false FTP site, and the BitchX IRC Client 1.0 c19 was modified to include a Trojan Horse. Once the Trojan Horse is executed it attempts to connect to 207.178.61.5 on port 6667. This could allow a remote attacker to gain access to systems that have installed the compromised BitchX distributions and execute commands with the privledges of the user that installed the affected package.

Solution

Upgrade according to vendor recommendations.

Plugin Details

Severity: High

ID: 1859

File Name: 1859.prm

Family: IRC Clients

Published: 2004/08/20

Modified: 2016/11/23

Dependencies: 1878

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:U/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:U/RC:X

Reference Information

BID: 7333