From owner-freebsd-ports Sat Oct 28 19: 7: 8 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177])
	by hub.freebsd.org (Postfix) with ESMTP id AF74837B4C5
	for ; Sat, 28 Oct 2000 19:07:04 -0700 (PDT)
Received: (from kris@localhost)
	by citusc17.usc.edu (8.11.1/8.11.1) id e9T29F086911;
	Sat, 28 Oct 2000 19:09:15 -0700 (PDT)
	(envelope-from kris)
Date: Sat, 28 Oct 2000 19:09:15 -0700
From: Kris Kennaway
To: Carl Johan Madestrand
Cc: ports@FreeBSD.ORG, bitchx@lists.bitchx.com, bugtraq@securityfocus.com
Subject: Re: BitchX IRC client exploit
Message-ID: <20001028190915.A86861@citusc17.usc.edu>
References: <20001028134504.A16785@214.norrgarden.se>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001028134504.A16785@214.norrgarden.se>; from cj@vallcom.net on Sat, Oct 28, 2000 at 01:45:04PM +0200
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Oct 28, 2000 at 01:45:04PM +0200, Carl Johan Madestrand wrote:
> Yesterday it came to my notice that there is a hole in the current version of
> BitchX 1.0c17 and possibly older versions as well which I cannot confirm.
> A remote exploit which allows the intruder to control the user's client in the
> form of sending any kind of text message to the user's client including fake
> public messages. Hence making it appear as if that public message comes from
> the given nickname.

Please provide information about how to replicate the problem.

Kris