Cypress for BitchX Information Disclosure Backdoor Vulnerability
BID:26372
Info
Cypress for BitchX Information Disclosure Backdoor Vulnerability
| Bugtraq ID: | 26372 |
| Class: | Design Error |
| CVE: |
CVE-2007-5922 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 07 2007 12:00AM |
| Updated: | Nov 20 2007 07:04PM |
| Credit: | This issue was discovered by Chris <[email protected]>. |
| Vulnerable: |
Cypress Cypress for BitchX 1.0k |
| Not Vulnerable: | |
Discussion
Cypress for BitchX Information Disclosure Backdoor Vulnerability
An attacker compromised the source code for Cypress for BitchX and altered it to include a malicious backdoor. This backdoor introduces an information-disclosure vulnerability that will let remote users gain access to potentially sensitive information.
Cypress 1.0k is affected by this issue. It is not currently known when this malicious code was inserted into the archive.
An attacker compromised the source code for Cypress for BitchX and altered it to include a malicious backdoor. This backdoor introduces an information-disclosure vulnerability that will let remote users gain access to potentially sensitive information.
Cypress 1.0k is affected by this issue. It is not currently known when this malicious code was inserted into the archive.
Exploit / POC
Cypress for BitchX Information Disclosure Backdoor Vulnerability
This issue is exploited automatically when the vulnerable script is run with BitchX.
This issue is exploited automatically when the vulnerable script is run with BitchX.
Solution / Fix
Cypress for BitchX Information Disclosure Backdoor Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Cypress for BitchX Information Disclosure Backdoor Vulnerability
References:
References:
- Cypress for BitchX Home Page (Cypress)
- Cypress BX script backdoored? (Chris
)