Bugtraq mailing list archives
Re: ircd exploit in ircu based code (fwd)
From: blackye () UNDERNET ORG (Andrea Cocito)
Date: Thu, 15 Jul 1999 01:28:02 +0200
From: Kevin Day <toasty () DRAGONDATA COM> To: BUGTRAQ () SECURITYFOCUS COM Subject: ircd exploit in ircu based code Most irc networks using ircu based servers have a bug that can cause users to segfault the server. In m_join, the code doesn't check to see if get_channel returned failure (by returning NULL).
As of now I can't even find this bug in the oldest versions of our code, for sure isn't there in u2.10.06, I still have to check on the previous 2.10.05 that is still packaged in some Linux/BSD distributions. Would you please let me know in what version of the Undernet's code you found it and, in case there is still a way to core the current servers report the way to exploit it on bugs () undernet org ? We would appreciate a lot if any bug that can cause a server coredump is reported on bugs () undernet org with a few days of advantage respect to the other public lists... so we can fix it on te fly (we happen to have a living network with 38k users on it...). Thanks a lot, Andrea aka Nemesi, Undernet's coder committee.
Current thread:
- Re: ircd exploit in ircu based code (fwd) Andrea Cocito (Jul 14)
- linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Domingos Bruges (Jun 30)
- Re: linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Marcelo Roccasalva (Jul 21)
- Re: ircd exploit in ircu based code (fwd) Matt Hallacy (Jul 15)
- Re: ircd exploit in ircu based code (fwd) Andrea Cocito (Jul 16)
- Logic Error in Management Edition NetWare install script for Dr. Sololomon's Bayard G. Bell (Jul 16)
- AMaViS virus scanner for Linux - root exploit Chris McDonough (Jul 16)
- CERT Advisory CA-99.08 - cmsd Aleph One (Jul 16)
- Re: AMaViS virus scanner for Linux - root exploit Kurt Seifried (Jul 17)
- Re: AMaViS virus scanner for Linux - root exploit Ian Whalley (Jul 19)
- Swish-e Jean-Georges Estiot (Jul 17)
(Thread continues...)
- linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Domingos Bruges (Jun 30)