Date: Sat, 28 Oct 2000 19:09:15 -0700 From: Kris Kennaway <kris@citusc.usc.edu> To: Carl Johan Madestrand <cj@vallcom.net> Cc: ports@FreeBSD.ORG, bitchx@lists.bitchx.com, bugtraq@securityfocus.com Subject: Re: BitchX IRC client exploit Message-ID: <20001028190915.A86861@citusc17.usc.edu> In-Reply-To: <20001028134504.A16785@214.norrgarden.se>; from cj@vallcom.net on Sat, Oct 28, 2000 at 01:45:04PM %2B0200 References: <20001028134504.A16785@214.norrgarden.se>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Oct 28, 2000 at 01:45:04PM +0200, Carl Johan Madestrand wrote: > Yesterday it came to my notice that there is a hole in the current version of > BitchX 1.0c17 and possibly older versions aswell which I cannot confirm. > A remote exploit which allows the intruder to control the users client in the > form of sending any kind of text message to the users client including fake > public messages. Hence making it appear as if that public message comes from > the given nickname. Please provide information about how to replicate the problem. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001028190915.A86861>