aboutsummaryrefslogtreecommitdiff
path: root/share/security/advisories/FreeBSD-SA-00:32.bitchx.asc
diff options
context:
space:
mode:
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-00:32.bitchx.asc')
-rw-r--r--share/security/advisories/FreeBSD-SA-00:32.bitchx.asc93
1 files changed, 0 insertions, 93 deletions
diff --git a/share/security/advisories/FreeBSD-SA-00:32.bitchx.asc b/share/security/advisories/FreeBSD-SA-00:32.bitchx.asc
deleted file mode 100644
index bda36aae46..0000000000
--- a/share/security/advisories/FreeBSD-SA-00:32.bitchx.asc
+++ /dev/null
@@ -1,93 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-
-=============================================================================
-FreeBSD-SA-00:32 Security Advisory
- FreeBSD, Inc.
-
-Topic: bitchx port contains client-side vulnerability
-
-Category: ports
-Module: bitchx
-Announced: 2000-07-05
-Affects: Ports collection.
-Corrected: 2000-07-03
-Vendor status: Patch released
-FreeBSD only: NO
-
-I. Background
-
-BitchX is a popular IRC client.
-
-II. Problem Description
-
-The bitchx client incorrectly parses string-formatting operators
-included as part of channel invitation messages sent by remote IRC
-users. This can cause the local client to crash, and may possibly
-present the ability to execute arbitrary code as the local user.
-
-The bitchx port is not installed by default, nor is it "part of
-FreeBSD" as such: it is part of the FreeBSD ports collection, which
-contains over 3400 third-party applications in a ready-to-install
-format. The ports collections shipped with FreeBSD 4.0 and 3.5 contain
-this problem since it was discovered after the release.
-
-FreeBSD makes no claim about the security of these third-party
-applications, although an effort is underway to provide a security
-audit of the most security-critical ports.
-
-III. Impact
-
-Remote IRC users can cause the local client to crash, and possibly
-execute code as the local user.
-
-If you have not chosen to install the bitchx port/package, then
-your system is not vulnerable to this problem.
-
-IV. Workaround
-
-Issue the following bitchx command (e.g. as part of a startup script):
-
-/ignore * invites
-
-which will disable processing of channel invitation messages.
-
-V. Solution
-
-One of the following:
-
-1) Upgrade your entire ports collection and rebuild the bitchx port.
-
-2) Deinstall the old package and install a new package dated after the
-correction date, obtained from:
-
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/bitchx-1.0c16.tar.gz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/bitchx-1.0c16.tar.gz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/bitchx-1.0c16.tar.gz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/bitchx-1.0c16.tar.gz
-ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/bitchx-1.0c16.tar.gz
-
-NOTE: It may be several days before updated packages are available. Be
-sure to check the file creation date on the package, because the
-version number of the software has not changed.
-
-3) download a new port skeleton for the bitchx port from:
-
-http://www.freebsd.org/ports/
-
-and use it to rebuild the port.
-
-4) Use the portcheckout utility to automate option (3) above. The
-portcheckout port is available in /usr/ports/devel/portcheckout or the
-package can be obtained from:
-
-ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
-
------BEGIN PGP SIGNATURE-----
-Version: 2.6.2
-
-iQCVAwUBOWGvPlUuHi5z0oilAQGEQAP+MbpDIPmejoZUcpVCpIBFP+2LwmR/ouwu
-LMuDVgY5l3kaWNIypTNAbMVPDZFx1l3+LEUJfurBLydpH8PnB17C7tE+uPXpNDzA
-ph3jjHXazN8DvvdYCD6EcEXccgGIWREz+OUPsH4VZtqC0g84Lt7tpZwBFZ+Fh2Py
-gjxO4c2fPE8=
-=B4nR
------END PGP SIGNATURE-----