Bugtraq mailing list archives
Re: IRC problems & other fun?
From: lcm () intac com (Lawrence C Mc Abee)
Date: Tue, 11 Oct 1994 23:13:05 -0400
In message <199410120028.AA04930 () lupine org>, "That Whispering Wolf..." stated:
We've had a few account violations at a site I administer, and I believe that the problem has been pinpointed as being IRC. One user pointed this out as the access point into his own account, and this seems to be confirmed by a co-worker who also had his account broken, in apparently the same meathod. So, the question is -- Have there been any new holes in IRC (the newest non- beta version... IRCII 2.2.9, I think) discovered recently? I'm aware of the "ON EXEC" problems, and the like, but the co-worker who's account was broken ran no scripts, nor executed any command to disable EXEC_PROTECTION or anything simular (he's a very lightweight IRC user). I'd -really- like to find the specific meathod of entry here -- Disabling IRC is really not an option. Anyone have ideas?
A while back the IRC main US ftp site, cs-pub.bu.edu was broken into and the irc clients there were replaced with code that had a back door. If you got the code that you now run in say early summer, 1994, you may want to grab new source and recompile. Normal 2.2.9 code has no backdoors that I am aware of, of course as you stated , 'on exec' is a constant problem. You could hack exec out of the code you install as your system client. Mac. -- Lawrence C. Mc Abee <lcm () intac com>|The United States: Operations Staff. 1800-50INTAC| Not the world's policeman.. INTAC Access Corporation. | more like the world's big brother. PGP Key:http://www.intac.com/~lcm |
Current thread:
- IRC problems & other fun? That Whispering Wolf... (Oct 11)
- Re: IRC problems & other fun? Lawrence C Mc Abee (Oct 11)
- Re: IRC problems & other fun? Alexander L. Haiut (Oct 12)
- Should any user be allowed to create group? Joseph Yip (Oct 12)
- Re: IRC problems & other fun? matthew green (Oct 11)
- recieving adivsories Richard Ortal (Oct 12)
- <Possible follow-ups>
- Re: IRC problems & other fun? Panzer Boy (Oct 12)
- Re: IRC problems & other fun? Lawrence C Mc Abee (Oct 11)