Bug 202582 - net-irc/bitchx-1.1-r4 stack smashing attack in convert_output_format_raw
Summary: net-irc/bitchx-1.1-r4 stack smashing attack in convert_output_format_raw
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: High normal
Assignee: Packages in net-irc
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-12-17 14:25 UTC by Target
Modified: 2015-02-03 14:50 UTC
CC List: 3 users

See Also:
Package list:
Runtime testing required: ---


Attachments
stack trace of bitchx smashing stack and being terminated (bitchx-strace,20.15 KB, text/plain)
2007-12-17 14:34 UTC, Target

Description Target 2007-12-17 14:25:13 UTC
Immediately upon being started, BitchX causes a stack smash and is killed. This is on a hardened system, but a stack smash is a pretty bad thing for non-hardened systems as well.

Output:
BitchX - Based on EPIC Software Labs epic ircII (1998).
Version (BitchX-1.1-final) -- Date (20040326).
Process [3328]
Using terminal type [xterm]


[0] *** stack smashing detected ***: BitchX - terminated
BitchX: stack smashing attack in function convert_output_format_raw - terminated
Report to http://bugs.gentoo.org/
Killed

Reproducible: Always

Steps to Reproduce:
1. Run BitchX
2. Observe BitchX's public execution for its stack-smashing crime

Actual Results:  
BitchX causes a stack smash in function convert_output_format_raw and is terminated

Expected Results:  
BitchX should not be stack-smashing, and should run normally

Relevant hardware:
AMD64 3500+
2GB DDR2 PC5300 ECC (condition good, no errors)
1TB Raid-5 array (condition good, no errors)

OS: Gentoo Hardened, x86_64 multilib

emerge --info:
Portage 2.1.3.19 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.6.1-r0, 2.6.22-hardened-r8 x86_64)
=================================================================
System uname: 2.6.22-hardened-r8 x86_64 AMD Athlon(tm) 64 Processor 3500+
Timestamp of tree: Mon, 17 Dec 2007 12:16:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -funroll-loops -fomit-frame-pointer -ftracer -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=athlon64 -O2 -funroll-loops -fomit-frame-pointer -ftracer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://adelie.polymtl.ca/ http://gentoo.arcticnetwork.ca/ http://gentoo.mirrors.tera-byte.com/ http://gentoo.osuosl.org/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://www.gtlib.gatech.edu/pub/gentoo http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/ http://mirror.usu.edu/mirrors/gentoo/ "
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="X acpi alsa amd64 apache2 berkdb bzip2 cairo cdr clearpasswd cracklib crypt dvd dvdr ffmpeg firefox flac gif gnome gnutls gpm gtk hardened imap justify lm_sensors maildir midi milter mp3 multilib mysql ncurses nls nptl nptlonly ogg openal pam pdf perl php pic posix python readline samba sasl sse sse2 ssl svg symlink syslog tcpd threads truetype unicode urandom vhosts xinetd xorg xpm xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="mach64 vesa"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 1 Target 2007-12-17 14:34:10 UTC
Created attachment 138735 [details]
stack trace of bitchx smashing stack and being terminated
Comment 2 Eddie Parker 2008-01-13 20:54:05 UTC
Adding myself to the CC list. I'm seeing this as well, and I'd like to use BitchX again when this issue is resolved.
Comment 3 David Stutzman 2008-04-12 14:01:43 UTC
Ditto on comment 2; I'm seeing the same behavior.
Comment 4 Pacho Ramos gentoo-dev 2013-10-13 13:06:44 UTC
# Markus Ullmann <jokey@gentoo.org> (07 Jul 2008)
# mask for security bug #190667 (CVE-2007-{4584,5839})
# and for various other build problems (bug #425634)
#
# both CVEs are fixed in upstream version control as per:
# http://bitchx.svn.sourceforge.net/svnroot/bitchx/trunk/Changelog
net-irc/bitchx

Maybe time to treeclean
Comment 5 Samuli Suominen (RETIRED) gentoo-dev 2013-10-20 14:33:01 UTC
(In reply to Pacho Ramos from comment #4)
> # Markus Ullmann <jokey@gentoo.org> (07 Jul 2008)
> # mask for security bug #190667 (CVE-2007-{4584,5839})
> # and for various other build problems (bug #425634)
> #
> # both CVEs are fixed in upstream version control as per:
> # http://bitchx.svn.sourceforge.net/svnroot/bitchx/trunk/Changelog
> net-irc/bitchx
> 
> Maybe time to treeclean

No, bitchx-1.2 has been released and is in Portage and, as far as I know, it resolves all known security issues.
Comment 6 Pacho Ramos gentoo-dev 2015-02-03 14:50:41 UTC
removed