NetWinder security advisory

ID: 2000-005
Issued: 2000-Mar-29
Package: ircii
Summary: Buffer overflow in ircii
Category: Buffer overflow
Severity: Medium-High (remote exploit, possible root)
Products: Developer dm-3.1-15 and earlier; OfficeServer os-1.5-4 and earlier

DESCRIPTION

A buffer overflow has been found in the "ircii" package. The "ircii" program is an Internet Relay Chat (IRC) client. It has a feature known as DCC chat, which allows direct point-to-point communication between users without passing through the IRC server. The buffer overflow is in this DCC chat capability. An attacker could use it to execute code with the privileges of the user running ircii. Users who run "ircii" as root run the risk of a root compromise.

Note: Several other popular IRC clients, including "epic" and "BitchX", are based on the same codebase as "ircii". They are susceptible to the same vulnerability.

SOLUTION

Download the following RPM packages to the NetWinder into a temporary directory, then install them with the command "rpm -Uvh *.rpm". Be sure there are no other files ending in ".rpm" in the temporary directory. See http://www.netwinder.org/security/install.html for more help.

Required packages

http://www.netwinder.org/updates/3.1-15/armv4l/ircii-4.4M-1.armv4l.rpm

Optional packages

http://www.netwinder.org/updates/3.1-15/SRPMS/ircii-4.4M-1.src.rpm
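
The precaution in the install step (no other files ending in ".rpm" in the temporary directory) can be enforced before the glob runs. The following is an added shell example, not part of the original advisory; check_rpm_dir and install_update are hypothetical helper names, and the package file names are passed in by the caller.

```shell
#!/bin/sh
# Added example: guard for the advisory's "rpm -Uvh *.rpm" step.
# Helper names are hypothetical; expected file names are given as arguments.

# check_rpm_dir DIR NAME...
# Prints "unexpected: <file>" for every *.rpm in DIR that was not asked for
# (the glob would install it too) and "missing: <file>" for every expected
# package that is absent. Returns 0 only if DIR holds exactly the expected set.
check_rpm_dir() {
    dir=$1; shift
    rc=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=${f##*/}
        found=no
        for want in "$@"; do
            if [ "$name" = "$want" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then
            echo "unexpected: $name"
            rc=1
        fi
    done
    for want in "$@"; do
        if [ ! -f "$dir/$want" ]; then
            echo "missing: $want"
            rc=1
        fi
    done
    return $rc
}

# install_update DIR NAME...
# Runs the advisory's install command only when the directory check passes.
install_update() {
    updir=$1; shift
    check_rpm_dir "$updir" "$@" || return 1
    (cd "$updir" && rpm -Uvh *.rpm)
}

# Usage on the NetWinder, with the file from "Required packages":
#   install_update /tmp/ircii-update ircii-4.4M-1.armv4l.rpm
```

If the optional source package is downloaded into the same directory, pass its file name as an additional argument so it is treated as expected.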

REFERENCES

http://www.redhat.com/support/errata/RHSA-2000008-01.html
http://www.securityfocus.com/vdb/bottom.html?vid=1046