Bugtraq mailing list archives

Re: Old IRC Client bug Re-Applied

From: studno1 () INTELLEX COM (IRCop)
Date: Fri, 20 Nov 1998 18:12:56 -0600


I need to point out the facts about Pirch. With the release of Pirch 1.0
that problem is fixed on New installs. Pirch creates the subdirectory for
the downloads and set it to that in the prefs now.  This only applies to new
installs not upgrades. For people upgrading they will have to create a
download directory and set it in there prefs.  I would hope that none of the
pirch users would be downloading there stuff to the system dir of pirch
anyway...  Hope that helps clairfy this string.


StudNo1
Dalnet IRCop
-----Original Message-----
From: Security Admin <admin () ATECH ORG>
To: BUGTRAQ () netspace org <BUGTRAQ () netspace org>
Date: Friday, November 20, 1998 1:42 PM
Subject: Re: Old IRC Client bug Re-Applied

As far as I knew, Pirch development was discontinued quite sometime ago
(although going to the official home page now reveals they've got a new
domain), so if thats the case, fixing this bug will be up to the
individual user.. although the VAST majority of windows IRC users use mIRC
anyway...

-pat

On Thu, 12 Nov 1998, rewt () midsouth rr com wrote:

If this has already been announced, well, screw me.

Problem:
The IRC (Internet Relay Chat) Client, pIRCh automatically assigns
your main pirch directory to where DCC downloads are sent.

Exploit:
You can replace someone's script file with a malicious one,
therefore recieving control over an ignorant irc tenant. This can be
done by sending a replacement file via DCC to the user. Most
people could tell the user that it was something cool, and they
would accept it.

Fix:
Simply goto Tools.. then Preferences. Flip to the DCC tab and
change your default DCC recieve directory to something that is not
the main pIRCh directory.

Tested On:
pIRCh32 0.92
If there's a new version out that fixes it, well crap, I'm sorry for
taking up your time.

Cheers,
REwT <rewt () midsouth rr com>
PaKT-TeCH Sekurity | REwT Technologies

Current thread:

Re: Old IRC Client bug Re-Applied knarph () LINUX SAVANT-CORP COM (Nov 13)
- <Possible follow-ups>
- Re: Old IRC Client bug Re-Applied System Administrator (Nov 13)
  - Re: your mail Cacaio Torquato (Nov 14)
  - Re: your mail Casper Dik (Nov 14)
- Re: Old IRC Client bug Re-Applied Security Admin (Nov 18)
- Re: Old IRC Client bug Re-Applied IRCop (Nov 20)