Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: ircd exploit in ircu based code (fwd)
From: poptix () INGS COM (Matt Hallacy)
Date: Thu, 15 Jul 1999 20:42:49 -0500


Nemesi, this is present in 2.10.06, lulea-r, ann-arbor, plano, Gothenburq,
and toronto are for sure suseptible (they crashed, heh) and thus the
reason for the latest patch to the repository, nullchan.patch.

It was fixed and patches were submitted to undernet-admins () undernet org 3
or 4 days ago, and since the public posting of it the nullchan.patch was
sent to coder-com () undernet org and the patch was added to the CVS.

Other networks suseptible:

BeyondIRC (fixed already)
Oz.Org (Ex section of Undernet in Austraila)
AfterNET
AsianNET

and any other irc network based on 2.9.30 or so (including 2.10.x)

On Thu, 15 Jul 1999, Andrea Cocito wrote:

As of now I can't even find this bug in the oldest versions of our code,
for sure isn't there in u2.10.06, I still have to check on the previous
2.10.05 that is still packaged in some Linux/BSD distributions.

Would you please let me know in what version of the Undernet's code you
found it and, in case there is still a way to core the current servers
report the way to exploit it on bugs () undernet org ?

We would appreciate a lot if any bug that can cause a server coredump
is reported on bugs () undernet org with a few days of advantage respect
to the other public lists... so we can fix it on te fly (we happen to
have a living network with 38k users on it...).

Thanks a lot,

Andrea aka Nemesi,

Undernet's coder committee.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault