
BitchX IRC Client "/INVITE" Command Format String DoS

High

Synopsis

The remote host is vulnerable to a remote 'format string' flaw.

Description

The remote host is running a version of the BitchX IRC client that may be vulnerable to a format string attack. BitchX IRC clients, versions 75 up to and including 1.0c16, are vulnerable to a Denial of Service attack and possible remote execution of code. By /invite-ing someone to a channel whose name contains formatting characters, an IRC user can cause the targeted user's BitchX client to crash with a segmentation fault.
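The defensive side of the flaw described above, as an added example that is not BitchX source code and not part of the original advisory: a check that flags INVITE lines whose channel name contains a `%`, and a notice formatter that passes the remote channel name as data to a constant format string. The function names and the sample line are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: return a pointer to the channel parameter of a raw
 * IRC INVITE line (":nick!user@host INVITE target :#chan"), or NULL if the
 * line is not an INVITE. */
static const char *invite_channel(const char *line)
{
    const char *p = line;
    if (*p == ':') {                 /* skip the optional ":prefix " */
        p = strchr(p, ' ');
        if (!p) return NULL;
        p++;
    }
    if (strncmp(p, "INVITE ", 7) != 0) return NULL;
    p = strchr(p + 7, ' ');          /* skip the invited nickname */
    if (!p) return NULL;
    p++;
    if (*p == ':') p++;              /* trailing-parameter marker */
    return p;
}

/* Detection: 1 if the INVITE channel name carries a '%', else 0. */
int invite_is_suspicious(const char *line)
{
    const char *chan = invite_channel(line);
    if (!chan) return 0;
    return memchr(chan, '%', strcspn(chan, " \r\n")) != NULL;
}

/* Hardened display path: the format string is a constant and the channel
 * name is only ever an argument, so '%' in it is printed literally.
 * Returns the snprintf() result, or -1 if the line is not an INVITE. */
int format_invite_notice(char *out, size_t n, const char *line)
{
    const char *chan = invite_channel(line);
    if (!chan) return -1;
    return snprintf(out, n, "Invited to %.*s",
                    (int)strcspn(chan, " \r\n"), chan);
}

int main(void)
{
    const char *sample = ":a!b@c INVITE me :#x%sy\r\n"; /* constructed */
    char buf[64];
    format_invite_notice(buf, sizeof buf, sample);
    printf("%d %s\n", invite_is_suspicious(sample), buf);
    return 0;
}
```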

Solution

Upgrade according to vendor recommendations.