BitchX - Remote hacker automatic control
Version: 1.1 and prior.
Technical Details: Unchecked bounds in a hash table in hook.c, allowing remote code execution by a malicious server. Exploit code is readily available and it is believed to affect all versions of the software (current exploit code targets the current Linux version).
Description: BitchX is one of the most popular IRC clients and is available for multiple platforms. Derived from the ircII IRC client, it remains a popular choice for connecting to IRC. Exploit code has been released which allows an attacker to take control of a vulnerable system when a vulnerable version of the software tries to connect to a malicious server.
Mitigation: Consider the use of alternate IRC clients, or only connect to trusted IRC servers while using vulnerable versions of BitchX.
Updates: Not Yet Available
Source: http://www.securitylab.ru/poc/extra/298093.php
Exploits: http://www.securitylab.ru/poc/extra/298093.php
External Tracking Data: Not Yet Identified
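
The bug class named under Technical Details, a table indexed by a value the server controls, is closed by validating the index before every lookup and registration. The sketch below is an added illustration, not code from BitchX or hook.c; the table layout, the 000..999 numeric range and all names (`numeric_hooks`, `parse_numeric`, `lookup_hook`, `register_hook`, `dispatch`, `count_hook`) are assumptions chosen for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define NUMERIC_SLOTS 1000                    /* assumed: numerics 000..999 */
typedef void (*hook_fn)(const char *args);
static hook_fn numeric_hooks[NUMERIC_SLOTS];  /* hypothetical hook table */

int hook_calls;                               /* sample hook for the demo */
void count_hook(const char *args) { (void)args; hook_calls++; }

/* Unchecked pattern to avoid: numeric_hooks[atoi(token)], where token
 * comes from the server and may be negative, too large or non-numeric. */

/* Accept only a strict three-digit token; returns 0..999 or -1. */
int parse_numeric(const char *token)
{
    if (token == NULL || strlen(token) != 3)
        return -1;
    int value = 0;
    for (size_t i = 0; i < 3; i++) {
        if (!isdigit((unsigned char)token[i]))
            return -1;
        value = value * 10 + (token[i] - '0');
    }
    return value;
}

/* Bounds-checked read: out-of-range indexes never touch the table. */
hook_fn lookup_hook(int numeric)
{
    if (numeric < 0 || numeric >= NUMERIC_SLOTS)
        return NULL;
    return numeric_hooks[numeric];
}

/* Bounds-checked write; returns 0 on success, -1 if rejected. */
int register_hook(int numeric, hook_fn fn)
{
    if (numeric < 0 || numeric >= NUMERIC_SLOTS)
        return -1;
    numeric_hooks[numeric] = fn;
    return 0;
}

/* Dispatch one server token; returns 1 if a hook ran, 0 if ignored. */
int dispatch(const char *token, const char *args)
{
    hook_fn fn = lookup_hook(parse_numeric(token));
    if (fn == NULL)
        return 0;
    fn(args);
    return 1;
}
```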