From owner-doc-jp@jp.freebsd.org  Fri Jul 14 16:23:26 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id QAA77114;
	Fri, 14 Jul 2000 16:23:26 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from tortoise.jp.freebsd.org (root@tortoise.jp.FreeBSD.ORG [210.157.158.41])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id QAA77108
	for <doc-jp@jp.freebsd.org>; Fri, 14 Jul 2000 16:23:25 +0900 (JST)
	(envelope-from kuriyama@FreeBSD.org)
Received: from waterblue.imgsrc.co.jp (waterblue.imgsrc.co.jp [2001:218:422:2:250:70ff:fe00:6c68])
	by tortoise.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP/IPv6 id QAA19282
	for <doc-jp@jp.freebsd.org>; Fri, 14 Jul 2000 16:23:24 +0900 (JST)
	(envelope-from kuriyama@FreeBSD.org)
Received: from waterblue.imgsrc.co.jp (localhost [127.0.0.1])
	by waterblue.imgsrc.co.jp (8.11.0.Beta3/8.11.0.Beta1) with ESMTP id e6E7NDG02332
	for <doc-jp@jp.freebsd.org>; Fri, 14 Jul 2000 16:23:14 +0900 (JST)
Date: Fri, 14 Jul 2000 16:23:13 +0900
Message-ID: <7mpuohi3a6.wl@waterblue.imgsrc.co.jp>
From: Jun Kuriyama <kuriyama@FreeBSD.org>
To: doc-jp@jp.freebsd.org
In-Reply-To: In your message of "13 Jul 2000 16:53:25 GMT"
	<20000713165310.12139.qmail@smtp.246.ne.jp>
References: <20000705231442.2469737BCB2@hub.freebsd.org>
	<20000713165310.12139.qmail@smtp.246.ne.jp>
User-Agent: Wanderlust/1.1.1 (Purple Rain) SEMI/1.13.7 (Awazu) FLIM/1.13.2 (Kasanui) MULE XEmacs/21.1 (patch 10) (Capitol Reef) (i386--freebsd)
MIME-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7558
Subject: [doc-jp 7558] Re: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:32.bitchx
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: kuriyama@FreeBSD.org

At 13 Jul 2000 16:53:25 GMT,
koga@jp wrote:
> The bitchx client incorrectly parses string-formatting operators
> included as part of channel invitation messages sent by remote IRC
> users. This can cause the local client to crash, and may possibly
> present the ability to execute arbitrary code as the local user.
> 
> bitchx $B%/%i%$%"%s%H$O(B, $B%j%b!<%H$N(B IRC $B%f!<%6$+$iAw$i$l$k%A%c%M%k>7BT%a(B
> $B%C%;!<%8$K4^$^$l$k(B string-formatting operators $B$N%Q!<%:$,E,@Z$K9T$J$o(B
> $B$l$^$;$s(B. $B$3$l$K$h$j(B, $B%m!<%+%k%/%i%$%"%s%H$r%/%i%C%7%e$5$;$?$j(B, $B$*$=$i(B
> $B$/%m!<%+%k%f!<%68"8B$GG$0U$N%3!<%I$r<B9T$5$;$k$3$H$,2DG=$G$9(B. 

$B!V%Q!<%:$rE,@Z$K9T$$$^$;$s(B.$B!W$/$i$$$+!#(B


-- 
Jun Kuriyama <kuriyama@FreeBSD.org> // FreeBSD Project
