Bugtraq mailing list archives
Re: w00w00's efnet ircd advisory (exploit included)
From: lusky () BLOWN NET (Jonathan R. Lusky)
Date: Sun, 15 Aug 1999 00:09:21 -0400
Shok writes:
[http://www.w00w00.org, comments to shok () dataforce net]

SUMMARY

efnet ircd hybrid-6 (up to beta 58) have a vulnerability that can allow remote access to the irc server. In most cases, you'll gain privileges of the 'irc' user.
The buffer mentioned in the advisory was introduced in ircd-hybrid-6b17 and fixed in ircd-hybrid-6b75. All EFnet servers have upgraded or patched. Hybrid-6 is still in semi-private beta and has not been released publicly. The current release version of Hybrid is ircd-hybrid-5.3p7, which is not vulnerable.

The bug report address for Hybrid is ircd-hybrid () the-project org. [ insert notifying-the-author speech--first we heard about someone finding a way to exploit this overflow was your bugtraq posting. ]

There is also a mailing list for general discussion of Hybrid. To subscribe to the Hybrid List, send email to hybrid-request () the-project org with the subject "subscribe".
COMMENTS

This vulnerability was discovered by jduck and stranjer of w00w00 at least 2 months ago. After discussing the vulnerability, it was reported to Dianora by jduck and fixed. Hopefully the vulnerable irc servers have been fixed. If not, it's unfortunate Dianora didn't notify the vulnerable irc servers or they didn't take these 2 months to fix themselves (note: we didn't wait that long on purpose.. we were just sidetracked with a million other things).

DESCRIPTION

The vulnerability is in the invite handling code (m_invite). In a channel with operators (ops) and modes +pi (paranoid + invite-only), a channel invitation is reported to all other operators. The buffer used to store the invitation notice can overflow its boundaries by up to 15 bytes.
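
Added example, not part of the original posts and not ircd-hybrid's code: a bounded way to format an invite notice into a fixed buffer, so that a notice a few bytes longer than the buffer is rejected rather than written past its end. The limits, the notice wording and every function name here are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limits and wording, for illustration only (not ircd-hybrid's). */
#define NICK_MAX 9
#define CHAN_MAX 200
#define NOTICE_FMT "%s is inviting %s to %s."

/* Worst-case notice length, excluding the terminating NUL. */
static size_t notice_worst_case(void)
{
    size_t fixed = strlen(NOTICE_FMT) - 3 * 2; /* drop the three "%s" */
    return fixed + 2 * NICK_MAX + CHAN_MAX;
}

/* Bytes by which a buffer of bufsize falls short of the worst case. */
static size_t shortfall(size_t bufsize)
{
    size_t need = notice_worst_case() + 1;
    return need > bufsize ? need - bufsize : 0;
}

/* Bounded formatter: 0 on success, -1 if the notice does not fit.
 * Never writes past out[outlen - 1] and never leaves a truncated notice. */
static int format_invite_notice(char *out, size_t outlen, const char *from,
                                const char *to, const char *chan)
{
    int n = snprintf(out, outlen, NOTICE_FMT, from, to, chan);
    if (n < 0 || (size_t)n >= outlen) {
        if (outlen > 0) out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Fill s with len copies of c (constructed sample input). */
static void fill(char *s, size_t len, char c) { memset(s, c, len); s[len] = '\0'; }

int main(void)
{
    char from[NICK_MAX + 1], to[NICK_MAX + 1], chan[CHAN_MAX + 1];
    char small[2 * NICK_MAX + CHAN_MAX + 1]; /* sized for the names only */
    fill(from, NICK_MAX, 'a'); fill(to, NICK_MAX, 'b'); fill(chan, CHAN_MAX, '#');
    int rc = format_invite_notice(small, sizeof small, from, to, chan);
    printf("short by %zu bytes, rc=%d\n", shortfall(sizeof small), rc);
    return 0;
}
```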