IrcII DCC Chat Buffer Overflow Vulnerability

Solution:
bladi <bladi@euskalnet.net> suggested upgrading to IrcII version 4.4M in his post to BugTraq on March 10, 2000.

A fix was made available for the FreeBSD port of IrcII 4.4. From the advisory:
1) Upgrade your entire ports collection and rebuild the ircII port.

2) Reinstall a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/ircII-4.4S.tgz

3) download a new port skeleton for the ircII port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz


Michael Sandrof IrcII 4.4 -7


 

Privacy Statement
Copyright 2010, SecurityFocus