Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFnet Paralyzed By Vulnerability

Posted by Unknown on Monday December 31, 2012 @11:15AM from the blame-c dept.

An anonymous reader writes "EFnet member Fionn 'Fudge' Kelleher reported several vulnerabilities in the IRC daemons charybdis, ircd-ratbox, and other derivative IRCds. The vulnerability was subsequently used to bring down large portions of the EFnet IRC network." By crafting a particular message, you can cause the IRC daemon to call strlen(NULL) and game over, core dumped.

2 of 156 comments (clear)

Min score:

Reason:

Sort:

C strings strike again! by cheesybagel · 2012-12-31 11:21 · Score: 3, Insightful

This is the problem you get when your strings don't know their allocated size like in that ghastly language Pascal.
1. Re:C strings strike again! by cheesybagel · 2012-12-31 11:22 · Score: 2, Insightful
  
  Not to mention the whole C issue where pointers to something and arrays of something are sort of the same but not really.