Bugtraq mailing list archives
Re: The FPSC-IRCD.txt advisory
From: bre () NETVERJAR IS (Bjarni R. Einarsson)
Date: Tue, 9 Mar 1999 19:01:57 +0000
On 1999-03-07, 16:20:59 (-0800), syg FPSC wrote:
lines. If you notice, it takes the '{' char and defines its uppercase char as '[' as along with defining '|' to '\', '}' to ']', and '~' to '^'. What this means is thier the same characters in channel names and nicknames.
In RFC1459 chapter 2.2 says: Because of IRC's scandanavian origin, the characters {}| are considered to be the lower case equivalents of the characters []\, respectively. So, what we have here is 75% a mIRC bug, not an IRCD bug. I say 75% because the RFC doesn't mention '~' and '^', which probably shouldn't be considered equivalent by the server. Did you (the authors of this advisory) bother to notify the maintainers of these IRC servers and mIRC in particulaur? (if RFC1459 has been superceded, just ignore me - but it hasn't, has it?)
Final Notes: IRCD coders and staff members of all networks and all IRCD versions need to check your source for this bug and fix it before it gets abused... maybe it
IRC coders and staff members using mIRC deserve what they get. :-) Happily, the original advisory contained a work-around: use BitchX, ircII or some other properly implemented client. -- Bjarni R. Einarsson [ PGP: 02764305 / B7A3AB89 ] bre () netverjar is -=- http://www.mmedia.is/~bre/ -=- Juggler@IRCnet * http://www.europarl.eu.int/dg4/stoa/en/publi/166499/execsum.htm * Encrypt the covert narcotics, launder nuclear biotechno cash on the way to Swiss with your GSM phone - are you paranoid enough?
Current thread:
- Re: Digital Unix 4 protected password database., (continued)
- Re: Digital Unix 4 protected password database. Chris Johnson (Mar 09)
- Re: Digital Unix 4 protected password database. Jon Morgan (Mar 10)
- Re: Digital Unix 4 protected password database. Alec Muffett (Mar 10)
- Re: Digital Unix 4 protected password database. Keith Piepho (Mar 10)
- Re: Digital Unix 4 protected password database. Solar Designer (Mar 13)
- Default password in Bay Networks switches. Jan B. Koum (Mar 10)
- Re: Default password in Bay Networks switches. Dax Kelson (Mar 10)
- Re: Default password in Bay Networks switches. Dax Kelson (Mar 10)
- Re: Default password in Bay Networks switches. Igor Sviridov (Mar 11)
- Re: Default password in Bay Networks switches. Rolf Obrecht (Mar 12)
- Re: The FPSC-IRCD.txt advisory Bjarni R. Einarsson (Mar 09)
- Windows NT Screen Saver Vulnerability Aleph One (Mar 09)
- 64 bit Solaris 7 procfs bug Toomas Soome (Mar 09)
- Re: More Internet Explorer zone confusion Jim Frost (Mar 09)
- Re: More Internet Explorer zone confusion Christopher Masto (Mar 08)