Home page logo
/

bugtraq logo Bugtraq mailing list archives

Bugs in Debian Linux's ircd package
From: ainvar () ENTERACT COM (Matt)
Date: Fri, 1 Aug 1997 23:10:57 -0500


There are a couple of bugs in the Undernet IRC Server package (ircd 2.9.32-3)
which is included in Debian Linux 1.3.1 (and probably earlier versions as
well)...

First, /etc/ircd/ is set world readable...  This directory contains the server
configuration files and irc operator passwords.  By default, the passwords are
encrypted, but anyone with crack can easily bypass this protection in a few
hours and /oper themselves!

The fix:
chmod 700 /etc/ircd/

Second, the package adds the following line to inetd.conf:
ircd            stream  tcp     wait    root    /usr/sbin/ircd ircd -i

ircd is supposed to be run as 'irc', not 'root'..!  I don't know if this is
exploitable in any way, but the irc server does -not- require root priviledges.

The fix:
chown irc.irc /etc/ircd/

and

change the line in inetd.conf to
ircd            stream  tcp     wait    irc     /usr/sbin/ircd ircd -i

or (if you are running xinetd)

service ircd
{
        socket_type     = stream
        user            = irc
        wait            = yes
        server          = /usr/sbin/ircd
        server_args     = -i
}


That's all for now..
-ir (ainvar () enteract com)
Greets to #hackhelp on the Undernet!



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]