Bugtraq mailing list archives
Re: IRC Security Loophole
From: zitz () infinity ivdev com (Silicon Avatar)
Date: Fri, 3 Feb 1995 18:20:49 -0600 (CST)
On Fri, 3 Feb 1995, Lorna Leong wrote:
Hi, I read somewhere that there is a security loophole in IRC. I don't know anything else about it but I would like to find out more information about this. I heard that information about this IRC loophole can be found by FTP at ftp.cert.org, but I couldn't find anything relevant there.
If you are talking about the "jupe" or "grok" hole. It was temporary, and merely hacked version of the client floating around at "trusted" sites. To my knowledge, these "hacks" have been removed and are no longer a threat (unless someone is propogating these older clients.) Simply put, you could "CTCP grok [command]" (CTCP being a method of communication over IRC) someone, and have that command executed, unknowingly, off the account. /----------------------------------------------------------------------\ <> Stephan K. Zitz <> My mind is my best friend... <> <> zitz () infinity ivdev com <> And my worst enemy... GABBPUY! <> <> Integrated Visions -- Watch out, is on its way.... <> \======================================================================/ GCS/M d-- p c++++ l+++ u++ e+ m-(++) s !n h++ f(++)* !g w+++ t+++ r+ y+(*)
Current thread:
- Re: MAGIC PIDs (was Re: magic??) robert owen thomas (Feb 02)
- Re: MAGIC PIDs (was Re: magic??) Neil Woods (Feb 02)
- IRC Security Loophole Lorna Leong (Feb 02)
- Re: IRC Security Loophole Mark (Feb 03)
- Re: IRC Security Loophole Silicon Avatar (Feb 03)
- Re: IRC Security Loophole Kernel Panic (Feb 03)
- Re: IRC Security Loophole Silicon Avatar (Feb 03)
- port checking under solaris 2.3? James W. Abendschan (Feb 02)