CVE-2007-5839

Name of the Vulnerable Software and Affected Versions BitchX version 1.1a

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the HOSTNAME or IRCHOST command. This is due to a problem in the e hostname function in commands.c.

Recommendations For BitchX version 1.1a, consider restricting access to the e hostname function in commands.c to minimize the risk of exploitation until a patch is available. Avoid using the HOSTNAME or IRCHOST command with untrusted input to prevent arbitrary file overwrites.