vendor:
BitchX
by:
bannedit
7.5
CVSS
HIGH
Heap Overflow
122
CWE
Product Name: BitchX
Affected Version From: BitchX-1.1 Final
Affected Version To: BitchX-1.1 Final
Patch Exists: NO
Related CWE:
CPE: a:bitchx:bitchx:1.1
Platforms Tested: Linux, FreeBSD
2007
BitchX-1.1 Final MODE Heap Overflow [0-day]
This exploit takes advantage of a stack overflow in p_mode in BitchX-1.1 Final. Due to input size restrictions, the overflow can't occur on the stack, but it can overwrite a structure containing pointers to heap data, allowing the attacker to overwrite the GOT.
Mitigation:
Apply the official patch for BitchX-1.1 Final or upgrade to a newer version.