Bugtraq mailing list archives
Re: IRC problems & other fun?
From: panzer () dhp com (Panzer Boy)
Date: 12 Oct 1994 11:16:44 -0400
matthew green (mrg () mame mu OZ AU) wrote:
: % strings /usr/local/bin/irc | egrep 'JUPE|GROK'
: and see if the client has those strings. if so, i'd suggest
: getting and installing a new client. (email me if you want to
: be sure the client is `clean').
Or in the source, take a look at ".../ircII2.2.9/source/ctcp.c"
The version I ftped from ftp.funet.fi within the past month had the JUPE
ctcp command. I'm not sure if this is valid testing code or a backdoor,
but probably something you should remove and recompile.
To remove it, just take out the JUPE command from the data structure that
has all the CTCP commands, and/or remove the command call entirely, or
have it do nothing. ctcp_jupe(){return()}.
For people who don't know. The JUPE command is basically a CTCP command
that allows any client to control the "JUPEable" client. Sending a
"CTCP LUSER JUPE :exec echo "+ +" >~/.rhosts" or something very similar
will work. If you scan the code, all 3-4 lines of it, you'll fully
understand.
--
-Matt
(panzer () dhp com)
"That which can never be enforced should not be prohibited."
Current thread:
- IRC problems & other fun? That Whispering Wolf... (Oct 11)
- Re: IRC problems & other fun? Lawrence C Mc Abee (Oct 11)
- Re: IRC problems & other fun? Alexander L. Haiut (Oct 12)
- Should any user be allowed to create group? Joseph Yip (Oct 12)
- Re: IRC problems & other fun? matthew green (Oct 11)
- recieving adivsories Richard Ortal (Oct 12)
- <Possible follow-ups>
- Re: IRC problems & other fun? Panzer Boy (Oct 12)
- Re: IRC problems & other fun? Lawrence C Mc Abee (Oct 11)