Bugtraq mailing list archives
Re: Killing ircds via DNS
From: Darren Reed <avalon () COOMBS ANU EDU AU>
Date: Tue, 12 Dec 2000 12:55:48 +1100
In some mail from David Luyer, sie said:
On Wed, Dec 06, 2000 at 08:02:59PM +1100, David Luyer wrote:It appears some people have discovered a bug in various IRCd's res.c.IRCnet ircd had this bug fixed on 19 Jun 1997, release 2.9.3 was clean. As far as we can see, other irc daemons like hybrid, ircu, bahamut are not affected. The only one we could trace to have it was old dalnet dreamforge, so it could be all based on it are vulnerable.Well, it was also in austhex, which was where I saw it. There are many irc daemons out there, and I wouldn't be surprised if a number were based on old dalnet code.
It's the code which dalnet is based on that's at fault (I wrote it some oh... many many years ago now :) ... austhex/bitchx/bahamut are all GPL'd too ? Anyway, I'm sure it seemed like a good idea at the time to do it that way :) Thinking back, I think the idea was to not bail if a short answer was given. More than likely I was trying to be too nice. Looks like that "it's open source, everyone reads the code and audits it" theory is really holding place there. Only took around 5 years for that bug to be fixed in the IRCnet ircd. Wonder what other subtle bugs are in other software packages, waiting to be niggled, causing the system to die ... Darren
Current thread:
- Killing ircds via DNS David Luyer (Dec 07)
- Re: Killing ircds via DNS van der Kooij, Hugo (Dec 08)
- Re: Killing ircds via DNS David Luyer (Dec 11)
- Re: Killing ircds via DNS Adam J Herscher (Dec 11)
- Re: Killing ircds via DNS Robert Feldbauer (Dec 11)
- Re: Killing ircds via DNS Piotr Kucharski (Dec 11)
- Re: Killing ircds via DNS David Luyer (Dec 12)
- Re: Killing ircds via DNS Darren Reed (Dec 13)
- Re: Killing ircds via DNS Chris Mason (Dec 12)
- Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below. Tom Pickles (Dec 13)
- Re: Killing ircds via DNS Sean Kelly (Dec 13)
- Re: Killing ircds via DNS David Luyer (Dec 12)
- Re: Killing ircds via DNS van der Kooij, Hugo (Dec 08)