Bugtraq mailing list archives
Bugs in Debian Linux's ircd package
From: ainvar () ENTERACT COM (Matt)
Date: Fri, 1 Aug 1997 23:10:57 -0500
There are a couple of bugs in the Undernet IRC Server package (ircd 2.9.32-3) which is included in Debian Linux 1.3.1 (and probably earlier versions as well)... First, /etc/ircd/ is set world readable... This directory contains the server configuration files and irc operator passwords. By default, the passwords are encrypted, but anyone with crack can easily bypass this protection in a few hours and /oper themselves! The fix: chmod 700 /etc/ircd/ Second, the package adds the following line to inetd.conf: ircd stream tcp wait root /usr/sbin/ircd ircd -i ircd is supposed to be run as 'irc', not 'root'..! I don't know if this is exploitable in any way, but the irc server does -not- require root priviledges. The fix: chown irc.irc /etc/ircd/ and change the line in inetd.conf to ircd stream tcp wait irc /usr/sbin/ircd ircd -i or (if you are running xinetd) service ircd { socket_type = stream user = irc wait = yes server = /usr/sbin/ircd server_args = -i } That's all for now.. -ir (ainvar () enteract com) Greets to #hackhelp on the Undernet!
Current thread:
- Re: Small problem in AIX write command: Executes shell David Hedley (Aug 01)
- <Possible follow-ups>
- Small problem in AIX write command: Executes shell DI. Dr. Klaus Kusche (Aug 01)
- Re: Small problem in AIX write command: Executes shell David Holland (Aug 01)
- comp.sys.sgi.bugs: YET another security alert (sigh) Arthur Hagen (Aug 04)
- comp.sys.sgi.bugs: Re: YET another security alert (sigh) Forwarded by Kari Hurtta (Aug 05)
- CPSR #8: identd Denial of Service Corinne Posse Releases (Aug 04)
- Re: CPSR #8: identd Denial of Service Curt Sampson (Aug 04)
- Re: Small problem in AIX write command: Executes shell David Holland (Aug 01)
- INND causes cancer in laboratory rats (fwd) Dan Fleisher (Aug 01)
- Re: INND causes cancer in laboratory rats (fwd) thoth () PURPLEFROG COM (Aug 01)
- Bugs in Debian Linux's ircd package Matt (Aug 01)
- SSH LocalForward Kristof Van Damme (Aug 02)
- Security hole in rusers client David Holland (Aug 02)
- SSH LocalForward Nicolas Dubee (Aug 02)
- Re: your mail Erik Troan (Aug 10)
- Sun Security Bulletin #00149 Aleph One (Aug 13)
- Sun Security Bulletin #00150 Aleph One (Aug 13)
- Possible fixed identd Phillip R. Jaenke (Aug 13)
- CERT Advisory CA-97.22 - BIND - the Berkeley Internet Name Daemon Aleph One (Aug 14)
- Vulnerability in 4.4BSD rfork() implementation Thomas H. Ptacek (Aug 02)
- Linux clone() looks safe (Re: Vulnerability in 4.4BSD rfork() Jeff Epler (Aug 02)