BitchX: Security Vulnerabilities, CVEs, CVSS score >= 2
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.
Max CVSS: 5.0; EPSS Score: 0.36%; Published: 2007-11-10; Updated: 2018-10-15
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.
Max CVSS: 4.6; EPSS Score: 0.04%; Published: 2007-11-06; Updated: 2017-07-29
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
Max CVSS: 10.0; EPSS Score: 2.12%; Published: 2007-08-29; Updated: 2017-09-29
hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands.
Max CVSS: 9.3; EPSS Score: 1.91%; Published: 2007-06-22; Updated: 2017-10-11
BitchX 75p3 and 1.0c16 through 1.0c20cvs allow remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.
Max CVSS: 5.0; EPSS Score: 4.96%; Published: 2003-12-31; Updated: 2017-07-29
5 vulnerabilities found