---

Home Security

Red Hat Security Advisory: BitchX denial of service vulnerability

By

Date: Thu, 6 Jul 2000 12:39 -0400
From: bugzilla@redhat.com
To: redhat-watch-list@redhat.com
Subject: [RHSA-2000:042-01] BitchX denial of service
vulnerability

                   Red Hat, Inc. Security Advisory

Synopsis:          BitchX denial of service vulnerability
Advisory ID:       RHSA-2000:042-01
Issue date:        2000-07-06
Updated on:        2000-07-06
Product:           Red Hat Powertools
Keywords:          DoS
Cross references:  N/A

1. Topic:

A denial of service vulnerability exists in BitchX.

2. Relevant releases/architectures:

Red Hat Powertools 6.0 – i386, alpha, sparc
Red Hat Powertools 6.1 – i386, alpha, sparc
Red Hat Powertools 6.2 – i386, alpha, sparc

3. Problem description:

A denial of service vulnerability exists in BitchX. Improper
handling of incoming invitation messages can crash the client. Any
user on IRC can send the client an invitation message that causes
BitchX to segfault.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla
for more info):

N/A

6. RPMs required:

Red Hat Powertools 6.1:

Red Hat Powertools 6.2:

sparc:

ftp://updates.redhat.com/powertools/6.2/sparc/BitchX-1.0c16-1.sparc.rpm

alpha:

ftp://updates.redhat.com/powertools/6.2/alpha/BitchX-1.0c16-1.alpha.rpm

i386:

ftp://updates.redhat.com/powertools/6.2/i386/BitchX-1.0c16-1.i386.rpm

sources:

ftp://updates.redhat.com/powertools/6.2/SRPMS/BitchX-1.0c16-1.src.rpm

7. Verification:

MD5 sum Package Name

ea54ae7d29be2abeb4e0252ad2e5a040 6.2/SRPMS/BitchX-1.0c16-1.src.rpm
7c517589b963bbf9a42025cbd216fcdb 6.2/alpha/BitchX-1.0c16-1.alpha.rpm
93a409b68bdef05468a86bfdae2cb8d5 6.2/i386/BitchX-1.0c16-1.i386.rpm
2317c93fa3ed3a0ee0566ecd1c6d98ad 6.2/sparc/BitchX-1.0c16-1.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm –checksig <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm –checksig –nogpg <filename>

8. References:

Thanks to Colten Edwards edwards@bitchx.dimension6.com
for making us aware of the problem.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.