The LINUX.COM Article Archive
Originally Published: Monday, 16 August 1999
Author: Quentin Cregan
Published to: news_enhance_security/Security News
efnet ircd-hybrid-6 w00w00 bug patched
efnet ircd hybrid-6 (up to beta 58) has a vulnerability that can allow remote access to the irc server. In most cases, you'll gain privileges of the 'irc' user. This has been patched.
(from BugTraq)
To: BugTraq
Subject: Re: w00w00's efnet ircd advisory (exploit included)
Date: Sat Aug 14 1999 12:09:21
Author: Jonathan R. Lusky
Message-ID: <199908150409.AAA31795@blown-rat.blown.net>

Shok writes:
> [http://www.w00w00.org, comments to firstname.lastname@example.org]
>
> SUMMARY
> efnet ircd hybrid-6 (up to beta 58) have a vulnerability that can allow
> remote access to the irc server. In most cases, you'll gain privileges of
> the 'irc' user.
The buffer mentioned in the advisory was introduced in ircd-hybrid-6b17 and fixed in ircd-hybrid-6b75. All EFnet servers have upgraded or patched. Hybrid-6 is still in semi-private beta and has not been released publicly. The current release version of Hybrid is ircd-hybrid-5.3p7, which is not vulnerable.
The bug report address for Hybrid is email@example.com. [ insert notifying-the-author speech--first we heard about someone finding a way to exploit this overflow was your bugtraq posting. ]
There is also a mailing list for general discussion of Hybrid. To subscribe to the Hybrid List, send email to firstname.lastname@example.org with the subject "subscribe".
> COMMENTS
> This vulnerability was discovered by jduck and stranjer of w00w00 at
> least 2 months ago. After discussing the vulnerability, it was reported
> to Dianora by jduck and fixed. Hopefully the vulnerable irc servers have
> been fixed. If not, it's unfortunate Dianora didn't notify the vulnerable
> irc servers or they didn't take these 2 months to fix themselves (note:
> we didn't wait that long on purpose.. we were just sidetracked with a
> million other things).
>
> DESCRIPTION
> The vulnerability is in the invite handling code (m_invite). In a
> channel with operators (ops) and modes +pi (paranoid + invite-only), a
> channel invitation is reported to all other operators. The buffer used to
> store the invitation notice can overflow its boundaries by up to 15
> bytes.
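The quoted description puts the flaw in a fixed buffer that holds the invitation notice. As an added example (not code from ircd-hybrid or from the advisory), the C program below builds such a notice with a length check and shows how a buffer sized from the field limits alone comes up short. The notice text, NICK_MAX, CHAN_MAX, NAIVE_BUF and every function name are assumptions, and the numbers are constructed, not a reproduction of the 15-byte figure.

```c
#include <stdio.h>
#include <string.h>

/* Limits and notice text are assumptions for this example, not ircd-hybrid's. */
#define NICK_MAX 9
#define CHAN_MAX 200
#define NOTICE_FMT "%s is inviting %s to %s."
/* Sizing mistake: counts the fields and the NUL, forgets the fixed text. */
#define NAIVE_BUF (2 * NICK_MAX + CHAN_MAX + 1)

/* Bounded build: 0 on success, -1 (and an empty string) if it would not fit. */
static int build_invite_notice(char *out, size_t outsz, const char *from,
                               const char *to, const char *chan)
{
    int n = snprintf(out, outsz, NOTICE_FMT, from, to, chan);
    if (n >= 0 && (size_t)n < outsz) return 0;
    if (outsz > 0) out[0] = '\0';
    return -1;
}

/* Fill nick and chan to their maximum lengths (constructed worst-case input). */
static void max_fields(char *nick, char *chan)
{
    memset(nick, 'n', NICK_MAX); nick[NICK_MAX] = '\0';
    memset(chan, 'c', CHAN_MAX); chan[CHAN_MAX] = '\0';
}

/* Bytes (excluding NUL) the notice needs when every field is at its limit. */
static int worst_case_len(void)
{
    char nick[NICK_MAX + 1], chan[CHAN_MAX + 1];
    max_fields(nick, chan);
    return snprintf(NULL, 0, NOTICE_FMT, nick, nick, chan);
}

/* 1 if a buffer of bufsz bytes (capped at 512) holds the worst case, else 0. */
static int fits_worst_case(size_t bufsz)
{
    char nick[NICK_MAX + 1], chan[CHAN_MAX + 1], out[512];
    max_fields(nick, chan);
    if (bufsz > sizeof out) bufsz = sizeof out;
    return build_invite_notice(out, bufsz, nick, nick, chan) == 0;
}

int main(void)
{
    printf("need %d+1 bytes, naive buffer is %d, fits: %d\n",
           worst_case_len(), NAIVE_BUF, fits_worst_case(NAIVE_BUF));
    return 0;
}
```

Measuring the worst case with `snprintf(NULL, 0, ...)` at the limits, and rejecting any notice whose return value is not smaller than the buffer, catches a sizing gap that an unchecked `sprintf` would turn into a write past the end.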