Gentoo: 202303-05 Critical: MIRC Remote Exploit Mitigation Update
gentoo
March 24, 2003
Bitchx is full of sprintf() calls and relying on BIG_BUFFER_SIZE being large enough.
Summary
- - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-21 - - ---------------------------------------------------------------------
- - ---------------------------------------------------------------------
- From advisory:
"Full of sprintf() calls and relying on BIG_BUFFER_SIZE being large enough. There's multiple ways to exploit it by giving near-BIG_BUFFER_SIZE strings in various places."
Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=104766521328322&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running net-irc/bitchx upgrade to bitchx-1.0.19-r5 as follows:
emerge sync emerge bitchx emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - - ---------------------------------------------------------------------
1.0.19-r5
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : bitchx
SUMMARY : buffer overflow
DATE : 2003-03-24 11:56 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <1.0.19-r5 : fixed version>=1.0.19-r5
CVE :
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!