Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Long-standing bug in AustNet IRC network Virtual World

From: rogery () WANTREE COM AU (Roger Yerramsetti)
Date: Tue, 6 Apr 1999 09:04:22 +0800

On Mon, 5 Apr 1999, Grant Bayley wrote:

| I've documented (with examples) a long standing bug in the AustNet IRC
| network "Virtual World" service which masks user IP address/hostnames for
| the purpose of preventing nukes and other fun things.

This /WHO problem has been known, and was fixed in servd7.5 with the
following lines of code.

          (!IsAnOper(sptr) || match(mymask, acptr->user->host)) &&
          (!IsVirtual(acptr) || match(mymask, acptr->user->virthost)) &&
          (IsVirtual(acptr) || match(mymask, acptr->user->host)) &&

servd7.5 has been pending for a while now, and its release has been mainly
held up whilst writing some code and systems to combat the open proxy
riding issue (not using a plain port 23/1080 test). That code I believe is
very close to release, only testing remains now.

Contrary to the webpage mentioned, austhex is not closed source. Our
source code is and has been freely downloadable, through
http://www.download.net.au which is affiliated with one of our irc servers
(we do not have an ftp.austnet.org site). Simply search for austhex at
www.download.net.au.

Our services are closed source software however and copyright to myself,
but that has nothing to do with VirtualWorld.


I've put a patch on

http://www.austnet.org/ircd/austhex.servd7.4.vwfix.PATCH.gz

for those using servd7.4 to fix the problem until servd7.5 is released
(which will be announced to our mailing list austnet () austnet org).


If ircd availability is important on the webpage then:

servd7.4 source:
                  http://www.austnet.org/ircd/austhex.servd7.4.tgz
servd7.4 with above patch:
                  http://www.austnet.org/ircd/austhex.servd7.4.whofix.tgz

I shall get our austnet.org webmaster to create some appropiate pages when
he returns from university for http://www.austnet.org/ircd (which will
also have links to austhex.servd7.5 when released).

-----
Roger Yerramsetti      [   rogery () wantree com au   ]  if (sleep) {
Snr Sys Administrator  [ http://www.wantree.com.au ]   /* as if :) */
Wantree Internet       [     Ph: (08) 9221 8899    ]  }
Previous By Date Next
Previous By Thread Next

Current thread: