CVE-2007-4584 stack based buffer overflow via long MODE command

Bug #162296 reported by William Grant
Affects             | Status       | Importance | Assigned to | Milestone
ircii-pana (Debian) | Fix Released | Unknown    |             |
ircii-pana (Ubuntu) | Invalid      | Medium     | Unassigned  |
Dapper              | Won't Fix    | Medium     | Unassigned  |
Edgy                | Won't Fix    | Medium     | Unassigned  |
Feisty              | Won't Fix    | Medium     | Unassigned  |
Gutsy               | Won't Fix    | Medium     | Unassigned  |
Hardy               | Invalid      | Medium     | Unassigned  |

Bug Description

Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.

William Grant (wgrant) wrote :

Yes, LP's web interface sucks.

  affects ubuntu/dapper/ircii-pana
  status confirmed
  importance medium

  affects ubuntu/edgy/ircii-pana
  status confirmed
  importance medium

  affects ubuntu/feisty/ircii-pana
  status confirmed
  importance medium

  affects ubuntu/gutsy/ircii-pana
  status confirmed
  importance medium

  affects ubuntu/hardy/ircii-pana
  status confirmed
  importance medium

Changed in ircii-pana:
importance: Undecided → Medium
importance: Undecided → Medium
importance: Undecided → Medium
importance: Undecided → Medium
importance: Undecided → Medium
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
Changed in ircii-pana:
status: Unknown → New
oliver (olivertwilson) wrote :

Not sure if this is the correct forum, but sounds like the problem I'm having. When in my Ubuntu Dapper OS running in a b/w G3 and I open the terminal to enter a command, as soon as I initiate the cursor, the next thing that happens is that a string of continuous 0000000000000 is entered until I have to close the terminal. This also happens when I'm entering an address or a search word in Firefox ver 1.5.0.13pre. I try not to send the input because I know that will crash, thus giving elevated privileges. Any suggestions as to a solution?

William Grant (wgrant) wrote :

It's not the correct forum. It doesn't sound anything like it.

oliver (olivertwilson) wrote : Re: [Bug 162296] Re: CVE-2007-4584 stack based buffer overflow via long MODE command

From your experience, what would be the proper forum and the correct remedy or cause?

William Grant <email address hidden> wrote: It's not the correct forum. It doesn't sound anything like it.

--
CVE-2007-4584 stack based buffer overflow via long MODE command
https://bugs.launchpad.net/bugs/162296
You received this bug notification because you are a direct subscriber
of the bug.

William Grant (wgrant) wrote :

It's gooooooooone!

Changed in ircii-pana:
status: Confirmed → Invalid
oliver (olivertwilson) wrote :

Excellent!!!!!!!!!!

William Grant <email address hidden> wrote: It's gooooooooone!

** Changed in: ircii-pana (Ubuntu Hardy)
       Status: Confirmed => Invalid


Changed in ircii-pana:
status: New → Fix Released
Hew (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in ircii-pana:
status: Confirmed → Won't Fix
LumpyCustard (orangelumpycustard) wrote :

Please close for Feisty as Won't Fix? This goes for all the other Feisty bugs.

Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in ircii-pana:
status: Confirmed → Won't Fix
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in ircii-pana (Ubuntu Gutsy):
status: Confirmed → Won't Fix
John Vivirito (gnomefreak) wrote :

Sorry, but the upstream maintainers are MIA, there is no longer support for this package, and it was removed from archives.
Closing bug due to no more support.

Changed in ircii-pana (Ubuntu Dapper):
status: Confirmed → Won't Fix