
Chatzilla 0.9.35 Multiple buffer overflows

Nov 26, 2003 10:04AM PST

Security-Corporation ID : SC-0786
URL : http://www.security-corporation.com/articles-20031126-000.html
Author : dr_insane
Product : Chatzilla 0.9.35
Source Message Contents :

Security :: Advisory - Chatzilla 0.9.35 Multiple buffer overflows

Vulnerable
----------
Chatzilla 0.9.35 and all tested prior versions. Last version doesn't seem vulnerable.

Affected systems:
-----------------
Windows (all versions)
Mac OS

Impact
------
High. These buffer overflows allow arbitrary code to be executed on the victim's machine.

Details
--------
Chatzilla is an IRC client that comes by default with every version of the Mozilla browser for Windows and Mac OS. The problem is that Chatzilla does not check the length of characters for a server to connect. Sending a server name for Chatzilla to connect over 40kb long allows overwriting of a key variable.
There is also another buffer overflow in the /Nick command. Sending again about 40kb will crash the system.

pr00f of concept exploit:
-------------------------
Get it on: http://members.lycos.co.uk/r34ct/

Solution:
---------
Upgrade to chatzilla 0.9.45

http://www.security-corporation.com/articles-20031126-000.html
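
The missing length check described under Details, shown from the defender's side as an added example (not code from the advisory or from Chatzilla): user-supplied server names and nicknames are bounded before any connection code sees them. The `/server` command name, the function names and the 30-character nickname cap are assumptions; the hostname limits follow RFC 1035 and the line limit follows RFC 1459.

```javascript
// Added example: bound-check IRC client input before it reaches connection code.
// Hostname limits follow RFC 1035; the line limit follows RFC 1459.
const MAX_HOST_LEN = 253;
const MAX_LABEL_LEN = 63;
const MAX_NICK_LEN = 30;   // assumed local policy, not a Chatzilla constant
const MAX_LINE_LEN = 510;  // 512 bytes per IRC message, minus CRLF

const LABEL_RE = /^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$/;
const NICK_RE = /^[A-Za-z\[\]\\`_^{|}][A-Za-z0-9\[\]\\`_^{|}-]*$/;

function checkServerName(name) {
  if (typeof name !== "string" || name.length === 0) return "empty server name";
  // Length is checked first so an oversized string is never split or scanned.
  if (name.length > MAX_HOST_LEN) return "server name too long";
  for (const label of name.split(".")) {
    if (label.length === 0 || label.length > MAX_LABEL_LEN) return "bad label length";
    if (!LABEL_RE.test(label)) return "illegal character in server name";
  }
  return null; // null means the value passed every check
}

function checkNick(nick) {
  if (typeof nick !== "string" || nick.length === 0) return "empty nickname";
  if (nick.length > MAX_NICK_LEN) return "nickname too long";
  if (!NICK_RE.test(nick)) return "illegal character in nickname";
  return null;
}

// Hypothetical command table: only these two commands are validated here.
const CHECKS = new Map([["server", checkServerName], ["nick", checkNick]]);

// Hypothetical dispatcher: returns {ok, command, arg} or {ok: false, error}.
function parseCommand(line) {
  if (typeof line !== "string" || line.length > MAX_LINE_LEN) {
    return { ok: false, error: "input line too long" };
  }
  const m = /^\/(\w+)\s+(\S+)\s*$/.exec(line);
  if (!m) return { ok: false, error: "unrecognized input" };
  const command = m[1].toLowerCase();
  const check = CHECKS.get(command);
  if (!check) return { ok: false, error: "unsupported command" };
  const error = check(m[2]);
  return error ? { ok: false, error } : { ok: true, command, arg: m[2] };
}

// Constructed input: a 40 KB server name, the size the advisory mentions.
console.log(parseCommand("/server " + "a".repeat(40 * 1024)));
```
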
