Re: ircd exploit in ircu based code (fwd)

[poptix () INGS COM (Matt Hallacy)]

Nemesi, this is present in 2.10.06, lulea-r, ann-arbor, plano, Gothenburq,
and toronto are for sure suseptible (they crashed, heh) and thus the
reason for the latest patch to the repository, nullchan.patch.

It was fixed and patches were submitted to undernet-admins () undernet org 3
or 4 days ago, and since the public posting of it the nullchan.patch was
sent to coder-com () undernet org and the patch was added to the CVS.

Other networks suseptible:

BeyondIRC (fixed already)
Oz.Org (Ex section of Undernet in Austraila)
AfterNET
AsianNET

and any other irc network based on 2.9.30 or so (including 2.10.x)

On Thu, 15 Jul 1999, Andrea Cocito wrote:

> As of now I can't even find this bug in the oldest versions of our code,
> for sure isn't there in u2.10.06, I still have to check on the previous
> 2.10.05 that is still packaged in some Linux/BSD distributions.
>
> Would you please let me know in what version of the Undernet's code you
> found it and, in case there is still a way to core the current servers
> report the way to exploit it on bugs () undernet org ?
>
> We would appreciate a lot if any bug that can cause a server coredump
> is reported on bugs () undernet org with a few days of advantage respect
> to the other public lists... so we can fix it on te fly (we happen to
> have a living network with 38k users on it...).
>
> Thanks a lot,
>
> Andrea aka Nemesi,
>
> Undernet's coder committee.