Bugtraq mailing list archives
Re: More wIRCSrv stupidity
From: alex () WNM NET (Alex Charalabidis)
Date: Thu, 13 Jul 2000 18:41:30 -0500
On Thu, 13 Jul 2000, Drew wrote:
Yo, I saw USSRLab's post about wIRCSrv. I was considering posting about this daemon a while ago, but decided against it because I didn't know if it was still being maintained. So I went and downloaded the latest version to find that it had the same bug... err.. feature. The feature/bug is the importmotd command, which allows any IRCOp to set the motd to any file on the servers hard-drive(s). Obviously enough, you trust the IRCOps on your server, but does that mean you automatically trust them enough to view any file on your system? I'm not too sure about that. :-)
Indeed, you're beating a dead and decomposed horse. Wircsrv, to the best of my knowledge, is unmaintained and possibly entered the realm of abandonware at least two years ago, due to "lack of interest" (I haven't seen its author for even longer). Given that bugs are unlikely to be corrected, I recommend that existing installations of it be replaced with some other irc daemon. -ac -- ============================================================== Alex Charalabidis (AC8139) 5050 Poplar Ave, Ste 170 Systems Administrator Memphis, TN 38157 WebNet Memphis (901) 432 6000 Author, The Book of IRC http://www.bookofirc.com/ ==============================================================
Current thread:
- Netscape SmartDownload reports file information to AOL, (continued)
- Netscape SmartDownload reports file information to AOL John L. Morello (Jul 12)
- RSA Aceserver UDP Flood Vulnerability Gwendolynn ferch Elydyr (Jul 12)
- ftp.pl vulnerability zillion @ safemode (Jul 12)
- ISC DHCP client v2 hole fixed...or not? Pavel Kankovsky (Jul 12)
- cvsweb: remote shell for cvs committers Joey Hess (Jul 12)
- FreeBSD Security Advisory: FreeBSD-SA-00:33.kerberosIV FreeBSD Security Advisories (Jul 12)
- eEye Digital Security ports nmap to Windows NT Marc (Jul 13)
- Lame DoS in WEBactive win65/NT server Prizm (Jul 13)
- Security Bulletins Digest patrick () PINE NL (Jul 13)
- More wIRCSrv stupidity Drew (Jul 13)
- Re: More wIRCSrv stupidity Alex Charalabidis (Jul 13)
- MDKSA-2000:019 cvsweb update Linux Mandrake Security Team (Jul 14)
- BIG BROTHER EXPLOIT Eric Hines (Jul 11)
- Re: Pollit CGI-script opens doors! Max Vision (Jul 11)
- Re: Pollit CGI-script opens doors! Simple Nomad (Jul 11)
- FreeBSD Ports Security Advisory: FreeBSD-SA-00:31.canna [REVISED] FreeBSD Security Advisories (Jul 11)