vendor:
BitchX IRC client
by:
RaiSe
7.5
CVSS
HIGH
Denial of Service, Remote Code Execution
119
CWE
Product Name: BitchX IRC client
Affected Version From: Version 75
Affected Version To: Version 1.0c16
Patch Exists: NO
Related CWE: Unknown
CPE: a:bitchx:bitchx:75
Platforms Tested: redhat 6.0 (2.2.16), redhat 7.0 (2.2.16), debian 2.2 (2.2.16)
Unknown
BitchX IRC client Denial of Service and Remote Code Execution
BitchX IRC clients, versions 75 up to and including 1.0c16, are vulnerable to a Denial of Service and possible remote execution of code. By /invite-ing someone to a channel name containing formatting characters (%s, %n, etc) an IRC user can cause the targetted user's BitchX client to seg-fault. This is caused by the fact that bitchx passes the channel name from the invite into the logging function as its format string [which is used directly in a vsprintf], rather than as an argument to the format. This also affects the KILL command.
Mitigation:
Upgrade to a version of BitchX that is not affected by this vulnerability
