|
Bugtraq
mailing list archives
Re: IRC Security Loophole
From: zitz () infinity ivdev com (Silicon Avatar)
Date: Fri, 3 Feb 1995 18:20:49 -0600 (CST)
On Fri, 3 Feb 1995, Lorna Leong wrote:
Hi,
I read somewhere that there is a security loophole in IRC. I don't know
anything else about it but I would like to find out more information
about this. I heard that information about this IRC loophole can be found
by FTP at ftp.cert.org, but I couldn't find anything relevant there.
If you are talking about the "jupe" or "grok" hole. It was temporary, and
merely hacked version of the client floating around at "trusted" sites.
To my knowledge, these "hacks" have been removed and are no longer a threat
(unless someone is propogating these older clients.)
Simply put, you could "CTCP grok [command]" (CTCP being a method of
communication over IRC) someone, and have that command executed,
unknowingly, off the account.
/----------------------------------------------------------------------\
<> Stephan K. Zitz <> My mind is my best friend... <>
<> zitz () infinity ivdev com <> And my worst enemy... GABBPUY! <>
<> Integrated Visions -- Watch out, is on its way.... <>
\======================================================================/
GCS/M d-- p c++++ l+++ u++ e+ m-(++) s !n h++ f(++)* !g w+++ t+++ r+ y+(*)
 By Date 
By Thread
Current thread:
|
Intro
