PT-2007-6802 · Bitchx · Bitchx
Nico Golde
·
Published
2007-11-06
·
Updated
2017-07-29
·
CVE-2007-5839
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BitchX version 1.1a
Description
The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the HOSTNAME or IRCHOST command. This is due to a problem in the e hostname function in commands.c.
Recommendations
For BitchX version 1.1a, consider restricting access to the e hostname function in commands.c to minimize the risk of exploitation until a patch is available. Avoid using the HOSTNAME or IRCHOST command with untrusted input to prevent arbitrary file overwrites.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bitchx