RedHat: BitchX denial of service vulnerability
Posted by LinuxSecurity.com Team   
RedHat Linux A denial of service vulnerability exists in BitchX.
---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          BitchX denial of service vulnerability
Advisory ID:       RHSA-2000:042-01
Issue date:        2000-07-06
Updated on:        2000-07-06
Product:           Red Hat Powertools
Keywords:          DoS
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

A denial of service vulnerability exists in BitchX.

2. Relevant releases/architectures:

Red Hat Powertools 6.0 - i386, alpha, sparc
Red Hat Powertools 6.1 - i386, alpha, sparc
Red Hat Powertools 6.2 - i386, alpha, sparc

3. Problem description:

A denial of service vulnerability exists in BitchX.  Improper handling of
incoming invitation messages can crash the client.  Any user on IRC can send the
 client an invitation message that causes BitchX to segfault.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed  (http://bugzilla.Red Hat.com/bugzilla for more info):

N/A

6. RPMs required:

Red Hat Powertools 6.1:

Red Hat Powertools 6.2:

sparc: 
ftp://updates.Red Hat.com/powertools/6.2/sparc/BitchX-1.0c16-1.sparc.rpm

alpha: 
ftp://updates.Red Hat.com/powertools/6.2/alpha/BitchX-1.0c16-1.alpha.rpm

i386: 
ftp://updates.Red Hat.com/powertools/6.2/i386/BitchX-1.0c16-1.i386.rpm

sources: 
ftp://updates.Red Hat.com/powertools/6.2/SRPMS/BitchX-1.0c16-1.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
ea54ae7d29be2abeb4e0252ad2e5a040  6.2/SRPMS/BitchX-1.0c16-1.src.rpm
7c517589b963bbf9a42025cbd216fcdb  6.2/alpha/BitchX-1.0c16-1.alpha.rpm
93a409b68bdef05468a86bfdae2cb8d5  6.2/i386/BitchX-1.0c16-1.i386.rpm
2317c93fa3ed3a0ee0566ecd1c6d98ad  6.2/sparc/BitchX-1.0c16-1.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.Red Hat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:

Thanks to Colten Edwards <edwards@bitchx.dimension6.com> for making us aware of the problem.