bitchx / bitchx1.3
License: Other
Subject: Remote DoS Vulnerability in bitchx, ircii < 20210314 and scrollz
Hi,
I discovered a remote DoS vulnerability (crash) that affects bitchx, ircii and
scrollz.
It's unknown if this could also be used for arbitrary code execution.
Affected Versions:
This bug is very old and affects any version, except
ircii-20210314, which got a fix.
CVE Name:
none yet
Problem Description:
ircii has a bug in parsing CTCP UTC messages. bitchx and scrollz are forks of
ircii and inherited that feature and bug.
Impact:
A malicious irc user could nuke any other irc user that uses bitchx, ircii or
scrollz out of irc (crash their irc client) by connecting to the same irc
network and sending a malicious CTCP UTC message.
Solution:
For ircii: Update to ircii-20210314
For bitchx and scrollz: none yet
History:
20210302 Vulnerability and PoC reported to:
bitchx - [email protected]
ircii - [email protected]
scrollz - [email protected]
20210314 ircii released a fixed version
BitchX has not
No recent updates? :(
Compiling on Debian with latest libssl-dev package fails. Configure reports that SSL is not found on the system.
    checking for SSLeay in -lcrypto... no
    configure: WARNING: OpenSSL not found, will not have SSL support.
and:
    configure: error: --with-ssl given, but could not find OpenSSL.
This looks to be due to the SSL check:
    case "$with_ssl" in
      yes|check)
        AC_CHECK_LIB([crypto], [SSLeay], [], [], [])
        if test x"$ac_cv_lib_crypto_SSLeay" = x"yes"; then
          AC_CHECK_LIB([ssl], [SSL_accept], [], [], [])
        fi
        if test x"$ac_cv_lib_ssl_SSL_accept" = x"yes"; then
          dnl This would be unnecessary if we used HAVE_LIBSSL in the code
          AC_DEFINE(HAVE_SSL, 1, Define this if the system has SSL support.)
        else
          if test x"$with_ssl" = x"yes"; then
            AC_MSG_FAILURE([--with-ssl given, but could not find OpenSSL.])
          else
            AC_MSG_WARN([OpenSSL not found, will not have SSL support.])
          fi
        fi
        ;;
    esac
Using the original test case for SSL in configure.in from BitchX 1.2 sf git succeeds:
    case "$with_ssl" in
      yes|check)
        AC_CHECK_LIB([crypto], [ERR_get_error], [], [], [])
        AS_IF([test x"$ac_cv_lib_crypto_ERR_get_error" = x"yes"], [AC_CHECK_LIB([ssl], [SSL_accept], [], [], [])], [])
        AS_IF([test x"$ac_cv_lib_ssl_SSL_accept" != x"yes"],
          [AS_IF([test x"$with_ssl" = x"yes"],
            [AC_MSG_FAILURE([--with-ssl given, but could not find OpenSSL.])],
            [AC_MSG_WARN([OpenSSL not found, will not have SSL support.])])
          ], [])
        ;;
    esac
This has been tested and confirmed successfully on Debian 11, FreeBSD 13 and Mac OS Catalina 10.15.7.
When will you enable UTF8 support?
Autoconf does not properly detect GLIB2 and GTK2.
Was it removed?
https://www.ilmarilauhakangas.fi/irc_technology_news_from_the_first_half_of_2023/ doesn't list BitchX. Please add IRC v3 to BitchX if it doesn't have it yet.
http://www.bitchx.org is currently showing:
"Oops!
Something went wrong
Looks like this domain's DNS hosting service has expired. If you are the administrator for this domain, please log into your DNS Made Easy account and renew your services. If you do not have a DNS Made Easy account, please contact your hosting provider."