5263407 2000-07-10  09:03  /150 lines/ Postmaster
Recipient: Bugtraq (import) <11651>
Subject: Security Update: Denial of Service against irc-BX
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID:  <20000707164347.B8180@phoenix.calderasystems.com>
Date:         Fri, 7 Jul 2000 16:43:47 -0600
Reply-To: Technical Support <support@PHOENIX.CALDERASYSTEMS.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Technical Support <support@PHOENIX.CALDERASYSTEMS.COM>
X-To:         announce@lists.calderasystems.com, linux-security@redhat.com
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		Denial of Service against irc-BX
Advisory number: 	CSSA-2000-022.0
Issue date: 		2000 July, 6
Cross reference:
______________________________________________________________________________


1. Problem Description

   The IRC client irc-BX (otherwise known as B*tchX) will accept
   bogus data from other IRC users that causes it to crash, and
   possibly even to execute malicious code.  An exploit has been
   published that will result in a crash of the IRC client.

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to
                                irc-BX-75p3-5

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       irc-BX-75p3-5

   OpenLinux eDesktop 2.4       All packages previous to
                                irc-BX-1.0-3

3. Solution

   Workaround:

   none known

   The proper solution is to upgrade to the fixed packages.

4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       1cdc1f1b8cd3ddb8f9547bd3b983d931  RPMS/irc-BX-75p3-5.i386.rpm
       8a3affcbb25d22bf909845b0a3d93794  SRPMS/irc-BX-75p3-5.src.rpm	

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	  rpm -F irc-BX-75p3-5.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       8d006667e597c6e89cdec61fb85ab878  RPMS/irc-BX-75p3-5.i386.rpm
       8a3affcbb25d22bf909845b0a3d93794  SRPMS/irc-BX-75p3-5.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	  rpm -F irc-BX-75p3-5.i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       f13cf49d7e8eea02c2194865a37755db  RPMS/irc-BX-1.0c16-3.i386.rpm
       53423f8eb8efc5cd23f11d861218a45a  SRPMS/irc-BX-1.0c16-3.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

  	  rpm -F irc-BX-1.0c16-3.i386.rpm

       Please ignore any messages about being unable to remove
       directories during the upgrade.

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 7137.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of
   the information we provide on this website and/or through our
   security advisories. Our advisories are a service to our customers
   intended to promote secure installation and use of Caldera
   OpenLinux.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5ZZQa18sy83A/qfwRAsvVAKClrU2t9+O3e9p6oWCHY8PRq8YPLgCfXkP9
lvnDqoc5itTANKDm1h++Svo=
=0ot7
-----END PGP SIGNATURE-----
(5263407) ------------------------------------------(Reformatted)
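
The verify-then-install steps in sections 4 to 6, as an added example that is not part of Caldera's advisory: it pulls the checksum lines for one product section out of a saved copy of the advisory and checks the downloaded files against them. It assumes the 32-hex-digit values are MD5 sums in `md5sum` output format; the function names and the local directory layout (`RPMS/`, `SRPMS/` under one download directory) are hypothetical. The section number matters because `irc-BX-75p3-5.i386.rpm` is listed with different sums in sections 4.2 and 5.2.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
# Check the advisory's PGP signature first (gpg --verify advisory.txt):
# the listed sums are only as trustworthy as the text that carries them.

# extract_sums ADVISORY SECTION
# Print the "<md5>  <path>" lines found under "<SECTION>.2 Verification".
extract_sums() {
    awk -v sec="$2" '
        # the sub-heading "N.2 Verification" opens the wanted block
        $1 == (sec ".2") && $2 == "Verification" { on = 1; next }
        # any later numbered heading ("N.3", "5.") closes it
        on && $1 ~ /^[0-9]+\.[0-9]*$/ { on = 0 }
        # checksum line: 32 lowercase hex digits, then a relative path
        on && NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            print $1 "  " $2
        }
    ' "$1"
}

# verify_section ADVISORY SECTION DIR
# Return 0 only if every file listed for SECTION exists under DIR and
# matches its listed sum; 2 if the section has no checksum lines.
verify_section() {
    sums=$(extract_sums "$1" "$2")
    if [ -z "$sums" ]; then
        echo "no checksums found for section $2" >&2
        return 2
    fi
    # md5sum -c reports each file and fails on a mismatch or missing file
    ( cd "$3" && printf '%s\n' "$sums" | md5sum -c - )
}

# Typical use for OpenLinux Desktop 2.3 (section 4), run from the
# directory holding RPMS/ and SRPMS/, installing only after a clean check:
#   verify_section advisory.txt 4 . && rpm -F RPMS/irc-BX-75p3-5.i386.rpm
```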