"Presented below is an exploit for BitchX, a linux IRC client. If the BitchX binary is installed SetUID (to allow SSL access for non root users for example), an attacker can exploit a stack overflow and gain root privileges."
"BitchX local root" lies, lies. On 23/11/05, Sha0lin <[EMAIL PROTECTED]> wrote: > Hi, > > 1) BitchX is not setuid by default, so is not dangerous bug, > 2) the exploit's date is fake > > you can test the vuln with this exploit: > http://www.securiteam.com/exploits/6J00B2KBFU.html > > regards, > > Sha0 > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- regards c0ntex _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
