Home page logo

bugtraq logo Bugtraq mailing list archives

Re: ircd exploit in ircu based code (fwd)
From: poptix () INGS COM (Matt Hallacy)
Date: Thu, 15 Jul 1999 20:42:49 -0500

Nemesi, this is present in 2.10.06, lulea-r, ann-arbor, plano, Gothenburq,
and toronto are for sure suseptible (they crashed, heh) and thus the
reason for the latest patch to the repository, nullchan.patch.

It was fixed and patches were submitted to undernet-admins () undernet org 3
or 4 days ago, and since the public posting of it the nullchan.patch was
sent to coder-com () undernet org and the patch was added to the CVS.

Other networks suseptible:

BeyondIRC (fixed already)
Oz.Org (Ex section of Undernet in Austraila)

and any other irc network based on 2.9.30 or so (including 2.10.x)

On Thu, 15 Jul 1999, Andrea Cocito wrote:

As of now I can't even find this bug in the oldest versions of our code,
for sure isn't there in u2.10.06, I still have to check on the previous
2.10.05 that is still packaged in some Linux/BSD distributions.

Would you please let me know in what version of the Undernet's code you
found it and, in case there is still a way to core the current servers
report the way to exploit it on bugs () undernet org ?

We would appreciate a lot if any bug that can cause a server coredump
is reported on bugs () undernet org with a few days of advantage respect
to the other public lists... so we can fix it on te fly (we happen to
have a living network with 38k users on it...).

Thanks a lot,

Andrea aka Nemesi,

Undernet's coder committee.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]