Full Disclosure mailing list archives

Re: irc over ssl


From: "Dave Howe" <DaveHowe () cmn sharp-uk co uk>
Date: Mon, 24 May 2004 13:16:40 +0100

Giannakis Eleftherios wrote:
> Are there any known issues concerning rootkits, backdoors, cmd
> execution concerning an irc (with ssl) client?
The answer to the question as posed is No.
However, the *real* answer to the question is to componentize the four
items we are discussing, and query each individually.
1. The IRC Client
The client may well have overflow or other vulnerabilities, either
currently or in the version you are using.

2. The SSL client
The client (either module, standalone utility, or builtin for your IRC
client) may have vulnerabilities. It may also be vulnerable to bypassing
(for example, most IRC+SSL combos do not encrypt XDCC chat traffic, but
don't indicate this failure anywhere).

3. The SSL server
As client.

4. The IRC server
Many IRCd have historically had vulnerabilities; some can be abused to
exploit what should be a trusted transaction (eg, XDCC send setup) and
substitute an unsafe or infected file for the file you and your
correspondent were expecting to exchange.

> I use the irssi client
There are currently no published 'sploits or theoretical vulnerabilities
for this client.

> to connect to an irc server with ssl. Is there a way for the admins of
> the irc server to open/intrude somehow to my pc (through the high port
> that the client opens to connect to the server)?
They could at best exploit a vulnerability in irssi (if there is one) that
requires an open connection (eg, a buffer overflow in a server-generated
message packet; this is slightly more likely than such in a
user-interchange packet, as much software "assumes" servers are
well-behaved). They can of course also monitor any non-XDCC traffic just
like they could if your connection was not SSLed, provided they patch the
ircd to that end.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
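
Added example, not part of the original post and not code from irssi or any other client: a check that parses each incoming server line as untrusted input and flags CTCP DCC offers, since the connection they set up runs directly between clients and is not covered by the SSL session with the IRC server. It assumes the common DCC framing (IPv4 address sent as a decimal integer); the function names and sample lines are constructed for illustration.

```python
import ipaddress
import shlex

MAX_LINE = 512  # RFC 1459 cap on one IRC message, CRLF included


def dcc_offer(line: bytes):
    """Return details of a CTCP DCC offer carried in one raw IRC line, else None."""
    if len(line) > MAX_LINE:  # never trust the server to respect the limit
        raise ValueError("IRC line longer than 512 bytes")
    text = line.rstrip(b"\r\n").decode("utf-8", "replace")
    if not text.startswith(":"):
        return None
    prefix, _, rest = text[1:].partition(" ")
    command, _, rest = rest.partition(" ")
    _target, sep, body = rest.partition(" :")
    if command != "PRIVMSG" or not sep:
        return None
    # CTCP payloads are wrapped in \x01 characters inside the PRIVMSG text.
    if len(body) < 2 or body[0] != "\x01" or body[-1] != "\x01":
        return None
    try:
        fields = shlex.split(body[1:-1])  # file names with spaces arrive quoted
    except ValueError:
        fields = body[1:-1].split(" ")  # unbalanced quote: fall back to plain split
    if len(fields) < 5 or fields[0] != "DCC":
        return None
    kind, arg, host, port = fields[1].upper(), fields[2], fields[3], fields[4]
    if not all(v.isascii() and v.isdigit() for v in (host, port)):
        return None
    try:
        peer = ipaddress.IPv4Address(int(host))  # address is a decimal integer
    except ValueError:
        return None
    if int(port) > 65535:
        return None
    return {"from": prefix.split("!")[0], "kind": kind, "arg": arg,
            "peer": str(peer), "port": int(port)}


def warn(line: bytes):
    """Build the notice a client could show before acting on a DCC offer."""
    offer = dcc_offer(line)
    if offer is None:
        return None
    return ("{from} offers DCC {kind} ({arg}): direct connection to {peer}:{port}, "
            "outside the SSL session with the IRC server").format(**offer)


# Constructed sample lines (192.0.2.10 is a documentation address).
SEND = b":xdccbot!bot@irc.example PRIVMSG alice :\x01DCC SEND notes.txt 3221225994 5000 1024\x01\r\n"
CHAT = b":bob!b@irc.example PRIVMSG alice :\x01DCC CHAT chat 3221225994 5001\x01\r\n"
TALK = b":bob!b@irc.example PRIVMSG #chan :hello there\r\n"
```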

