Re: w00w00's efnet ircd advisory (exploit included)

[adam () AXISPRODUCTIONS COM (Adam Herscher)]

As "w00w00" so elequently put it, the affected versions of hybrid vulnerable
to this exploit were up to beta 58 only.  The hybrid 6 betas have not been
released to the public, and considering that beta 96 was posted to
developers yesterday, nobody should be affected by a beta 58 exploit.

ircd-hybrid is only one of the ircds used on the EFNet, and i believe the
only versions of hybrid6 that are currently approved for efnet use are
betas 73 - 83.

It's beta people - this doesn't affect anybody - don't get your compilers
roaring thinking you're gonna "Fine-tune until you have root" anytime soon
:-)

Adam Herscher (Xref)
Oper - EFNet - irc.inter.net.il

----- Original Message -----
From: Shok <shok () CANNABIS DATAFORCE NET>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Friday, August 13, 1999 12:01 AM
Subject: w00w00's efnet ircd advisory (exploit included)

> [http://www.w00w00.org, comments to shok () dataforce net]
>
> SUMMARY
> efnet ircd hybrid-6 (up to beta 58) have a vulnerability that can allow
> remote access to the irc server.  In most cases, you'll gain privileges of
> the 'irc' user.