Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IRC Security Loophole

From: zitz () infinity ivdev com (Silicon Avatar)
Date: Fri, 3 Feb 1995 18:20:49 -0600 (CST)

On Fri, 3 Feb 1995, Lorna Leong wrote:



Hi,

I read somewhere that there is a security loophole in IRC. I don't know 
anything else about it but I would like to find out more information 
about this. I heard that information about this IRC loophole can be found 
by FTP at ftp.cert.org, but I couldn't find anything relevant there.


If you are talking about the "jupe" or "grok" hole.  It was temporary, and
merely hacked version of the client floating around at "trusted" sites.

To my knowledge, these "hacks" have been removed and are no longer a threat
(unless someone is propogating these older clients.)

Simply put, you could "CTCP grok [command]" (CTCP being a method of
communication over IRC) someone, and have that command executed,
unknowingly, off the account.

 /----------------------------------------------------------------------\
<> Stephan K. Zitz                  <>  My mind is my best friend...    <>
<> zitz () infinity ivdev com          <>   And my worst enemy... GABBPUY! <>
<>        Integrated Visions -- Watch out, is on its way....            <>
 \======================================================================/
 GCS/M d-- p c++++ l+++ u++ e+ m-(++) s !n h++ f(++)* !g w+++ t+++ r+ y+(*)
Previous By Date Next
Previous By Thread Next

Current thread: