Bugtraq mailing list archives
Re: Bug in IRC services
From: pribeiro () ISEL PT (Pedro Ribeiro)
Date: Sun, 14 Mar 1999 00:47:12 +0000
The bug in our network wasn't in the services code, it was a ircd bug, that was fixed as soon as we have the report of the problem. The abuse done was small, some getpass commands and forbid's, all recovered by us after the incident from the data in the services command log. If anyone want the details to avoid the same problem, i'll gladly answer. Pedro Ribeiro / PTnet PAntMaR On Fri, 12 Mar 1999, Taral wrote:
On Fri, 12 Mar 1999, fractalg wrote:Hello, I've just found a big hole in services provided by IRC networks. The services in question are Chanserv, Nickserv, Memoserv. I've found them at Portuguese IRC Network aka PTNET but I think these can be applied to other IRC networks that are based around DALNET code since PTNET is a modified version of Dalnet code. If this doesn't work in other IRC networks at least can be a good example of very bad programming in areas related to security and networking.Not true. DALnet never released their services code. These are all CLONES.So it came the new version of the servers this time with a nice feature ! You didnt need to identify the nick when the servers rejoined from the split ! The first time I saw this I tought about how would the services recognize me as the true nick before the split... I never had the chance to test this theory until some days ago.Well, DALnet uses IDs and the like, and is most probably not susceptible to this. I really wish people would do more research before putting out junk like this. I doubt that this person even informed PTNET that their services had a bug. Taral
Current thread:
- Bug in IRC services fractalg (Mar 12)
- Re: Bug in IRC services Kevin Day (Mar 12)
- Re: Bug in IRC services David Schwartz (Mar 12)
- <Possible follow-ups>
- Re: Bug in IRC services Taral (Mar 12)
- Re: Bug in IRC services Pedro Ribeiro (Mar 13)
- Bug in IRC services Leal Duarte (Mar 13)
- erps kasper (Mar 13)
- GLPro.exe spam fix Kerb (Mar 14)
- Microsoft's SMTP service broken/stupid Chris Adams (Mar 14)
- Re: Microsoft's SMTP service broken/stupid Alan Brown (Mar 16)
- Re: Bug in IRC services Pedro Ribeiro (Mar 13)
- Re: Bug in IRC services Andy Church (Mar 12)