• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

BitchX Remote BX_compress_modes() Buffer Overflow Vulnerability

Solution:
Slackware has released an advisory (SSA:2003-141-02) and fixes. Information about obtaining and applying fixes are available in the referenced advisory.

Debian has released an advisory (DSA 306-1). Information about obtaining and applying fixes are available in the referenced advisory.

Gentoo has released bitchx-1.0.19-r5 which addresses this issue. Users are advised to upgrade by performing the following commands:

emerge sync
emerge bitchx
emerge clean

Conectiva has released an advisory (CLA-2003:655) and fixes for this issue. Links to fixed packages can be found in the attached advisory. Alternatively, users can use the apt tool:

apt-get update
apt-get upgrade

An unofficial and untested patch has been released by caf@guarana.org.

It has been reported that these issues have been addressed in the current cvs tree.


BitchX IRC Client 1.0 c19

• caf@guarana.org 1.0c19-evil-server.patch
  Unofficial patch.
  http://downloads.securityfocus.com/vulnerabilities/patches/1.0c19-evil -server.patch


• Debian bitchx-dev_1.0-0c19-1.1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_alpha.deb


• Debian bitchx-dev_1.0-0c19-1.1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_arm.deb


• Debian bitchx-dev_1.0-0c19-1.1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_hppa.deb


• Debian bitchx-dev_1.0-0c19-1.1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_i386.deb


• Debian bitchx-dev_1.0-0c19-1.1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_ia64.deb


• Debian bitchx-dev_1.0-0c19-1.1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_m68k.deb


• Debian bitchx-dev_1.0-0c19-1.1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_mips.deb


• Debian bitchx-dev_1.0-0c19-1.1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_mipsel.deb


• Debian bitchx-dev_1.0-0c19-1.1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_powerpc.deb


• Debian bitchx-dev_1.0-0c19-1.1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_s390.deb


• Debian bitchx-dev_1.0-0c19-1.1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1 .0-0c19-1.1_sparc.deb


• Debian bitchx-gtk_1.0-0c19-1.1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_alpha.deb


• Debian bitchx-gtk_1.0-0c19-1.1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_arm.deb


• Debian bitchx-gtk_1.0-0c19-1.1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_hppa.deb


• Debian bitchx-gtk_1.0-0c19-1.1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_i386.deb


• Debian bitchx-gtk_1.0-0c19-1.1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_ia64.deb


• Debian bitchx-gtk_1.0-0c19-1.1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_m68k.deb


• Debian bitchx-gtk_1.0-0c19-1.1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_mips.deb


• Debian bitchx-gtk_1.0-0c19-1.1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_mipsel.deb


• Debian bitchx-gtk_1.0-0c19-1.1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_powerpc.deb


• Debian bitchx-gtk_1.0-0c19-1.1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_s390.deb


• Debian bitchx-gtk_1.0-0c19-1.1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c19-1.1_sparc.deb


• Debian bitchx-ssl_1.0-0c19-1.1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_alpha.deb


• Debian bitchx-ssl_1.0-0c19-1.1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_arm.deb


• Debian bitchx-ssl_1.0-0c19-1.1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_hppa.deb


• Debian bitchx-ssl_1.0-0c19-1.1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_i386.deb


• Debian bitchx-ssl_1.0-0c19-1.1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_ia64.deb


• Debian bitchx-ssl_1.0-0c19-1.1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_m68k.deb


• Debian bitchx-ssl_1.0-0c19-1.1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_mips.deb


• Debian bitchx-ssl_1.0-0c19-1.1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_mipsel.deb


• Debian bitchx-ssl_1.0-0c19-1.1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_powerpc.deb


• Debian bitchx-ssl_1.0-0c19-1.1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_s390.deb


• Debian bitchx-ssl_1.0-0c19-1.1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1 .0-0c19-1.1_sparc.deb


• Debian bitchx_1.0-0c19-1.1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_alpha.deb


• Debian bitchx_1.0-0c19-1.1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_arm.deb


• Debian bitchx_1.0-0c19-1.1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_hppa.deb


• Debian bitchx_1.0-0c19-1.1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_i386.deb


• Debian bitchx_1.0-0c19-1.1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_ia64.deb


• Debian bitchx_1.0-0c19-1.1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_m68k.deb


• Debian bitchx_1.0-0c19-1.1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_mips.deb


• Debian bitchx_1.0-0c19-1.1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_mipsel.deb


• Debian bitchx_1.0-0c19-1.1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_powerpc.deb


• Debian bitchx_1.0-0c19-1.1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_s390.deb


• Debian bitchx_1.0-0c19-1.1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c19-1.1_sparc.deb


• Slackware bitchx-1.0c19-i386-3.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/b itchx-1.0c19-i386-3.tgz


• Slackware bitchx-1.0c19-i386-3.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/b itchx-1.0c19-i386-3.tgz

BitchX IRC Client 1.0 c18

• Conectiva BitchX-1.0c18-17U80_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/BitchX-1.0c18-17U80_2cl.i38 6.rpm


• Conectiva BitchX-1.0c18-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/BitchX-1.0c18-1U70_2cl.i3 86.rpm


• Conectiva BitchX-1.0c18-29203U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/BitchX-1.0c18-29203U90_1cl. i386.rpm


• Conectiva BitchX-doc-1.0c18-17U80_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/BitchX-doc-1.0c18-17U80_2cl .i386.rpm


• Conectiva BitchX-doc-1.0c18-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/BitchX-doc-1.0c18-1U70_2c l.i386.rpm


• Conectiva BitchX-doc-1.0c18-29203U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/BitchX-doc-1.0c18-29203U90_ 1cl.i386.rpm


• Conectiva BitchX-help-1.0c18-17U80_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/BitchX-help-1.0c18-17U80_2c l.i386.rpm


• Conectiva BitchX-help-1.0c18-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/BitchX-help-1.0c18-1U70_2 cl.i386.rpm


• Conectiva BitchX-help-1.0c18-29203U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/BitchX-help-1.0c18-29203U90 _1cl.i386.rpm


• Conectiva wserv-1.0c18-1U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/wserv-1.0c18-1U70_2cl.i38 6.rpm

BitchX IRC Client 1.0 c16

• Debian bitchx-gtk_1.0-0c16-2.1_alpha.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c16-2.1_alpha.deb


• Debian bitchx-gtk_1.0-0c16-2.1_arm.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c16-2.1_arm.deb


• Debian bitchx-gtk_1.0-0c16-2.1_i386.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c16-2.1_i386.deb


• Debian bitchx-gtk_1.0-0c16-2.1_m68k.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c16-2.1_m68k.deb


• Debian bitchx-gtk_1.0-0c16-2.1_powerpc.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c16-2.1_powerpc.deb


• Debian bitchx-gtk_1.0-0c16-2.1_sparc.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1 .0-0c16-2.1_sparc.deb


• Debian bitchx_1.0-0c16-2.1_alpha.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c16-2.1_alpha.deb


• Debian bitchx_1.0-0c16-2.1_arm.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c16-2.1_arm.deb


• Debian bitchx_1.0-0c16-2.1_i386.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c16-2.1_i386.deb


• Debian bitchx_1.0-0c16-2.1_m68k.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c16-2.1_m68k.deb


• Debian bitchx_1.0-0c16-2.1_powerpc.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c16-2.1_powerpc.deb


• Debian bitchx_1.0-0c16-2.1_sparc.deb
  Debian GNU/Linux 2.2 alias potato
  http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0 c16-2.1_sparc.deb