Bugtraq mailing list archives

Re: ircd exploit in ircu based code (fwd)


From: blackye () UNDERNET ORG (Andrea Cocito)
Date: Fri, 16 Jul 1999 12:26:02 +0200


At 3:42 +0200 16-07-1999, Matt Hallacy wrote:
Nemesi, this is present in 2.10.06, lulea-r, ann-arbor, plano, Gothenburq,
and toronto are for sure susceptible (they crashed, heh) and thus the
reason for the latest patch to the repository, nullchan.patch.

It was fixed and patches were submitted to undernet-admins () undernet org 3
or 4 days ago, and since the public posting of it the nullchan.patch was
sent to coder-com () undernet org and the patch was added to the CVS.

It just didn't seem the same bug for how it was reported, now I looked at
it better and understood that it is.

The bug is the same that appears in a piece of code looking
different on Undernet's current codebase, it has been patched
with nullchan.patch at patchlevel 24 of the current source tree
available via cvs on coder-com.undernet.org. Version u2.10.06.24
and following of our codebase are thus immune, anything derived
from previous versions isn't.

Excuse me I had not the time to warn about it the other networks and
to reply correctly at the report here, it was because I was busy
having to patch on the fly our 45 servers while some kid was having
fun disrupting the service, like this one:

Core was generated by `ircd.9905101130.'.
Program terminated with signal 11, Segmentation fault.
Cannot access memory at address 0x20047080.
#0  m_join (cptr=0x206800, sptr=0x206800, parc=2, parv=0x47310)
    at channel.c:2454
(gdb) p sptr->name
$1 = "Pinetree", '\000' <repeats 55 times>
(gdb) p sptr->ip
$2 = {s_addr = 1025006872}
(gdb) p sptr->sockhost
$3 = "d185d183d.rochester.rr.com", '\000' <repeats 37 times>
(gdb) p sptr->username
$4 = "poptix\000\000\000\000"
(gdb)

Thanks Matt aka Pinetree!poptix () d185d183d rochester rr com

Andrea aka Nemesi

