[Nchat-security] NexusChat Advisory
From: Bryan B. <ha...@ww...> - 2000-09-15 20:51:05
Summary
------
There is at least one possibly exploitable format string attack in
versions of NexusChat prior to 3.23.

Description
--------
In the /s (show users) command the user's away message (/msg) is sent
directly to sock_printf(), allowing a user to enter a 22 character format
string that may be exploited when any user types /s.

Solution
------
Upgrade to 3.23 or grab the soon-to-be-available patch to fix the holes.

--
Bryan Burns a.k.a "Haplo" <ha...@ww...>
A copy of my PGP key is available at:
http://www.wwa.com/~haplo/public_key
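The bug class described above, as an added example that is not NexusChat's code or the 3.23 patch: the away message used as the format string, next to the corrected call with a constant format. The sock_printf() here is a hypothetical stand-in with an assumed signature that formats into a buffer instead of a socket, and show_user_unsafe(), show_user_safe() and the sample nick are constructed names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for sock_printf(): the real signature is not shown
 * in the advisory. It formats into a buffer so the result can be inspected. */
char out[256];

int sock_printf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, sizeof out, fmt, ap);
    va_end(ap);
    return n;
}

/* Pattern from the advisory: user-supplied text is the format string, so
 * any conversion specifier in away_msg is interpreted by the formatter.
 * Shown for contrast only and never called here. If sock_printf() were
 * declared with __attribute__((format(printf, 1, 2))), GCC and Clang would
 * flag this call under -Wformat-security. */
int show_user_unsafe(const char *away_msg)
{
    return sock_printf(away_msg);
}

/* Corrected form: the format is a constant and the user text is passed as
 * data, so specifiers inside it are copied out literally. */
const char *show_user_safe(const char *nick, const char *away_msg)
{
    sock_printf("%s (away: %s)\n", nick, away_msg);
    return out;
}

int main(void)
{
    /* Constructed sample input containing conversion specifiers. */
    fputs(show_user_safe("alice", "%x%x%n"), stdout);
    return 0;
}
```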