Bugtraq mailing list archives
More wIRCSrv stupidity
From: wizdumb () LEET ORG (Drew)
Date: Thu, 13 Jul 2000 15:17:22 +0200
Yo, I saw USSRLab's post about wIRCSrv. I was considering posting about this daemon a while ago, but decided against it because I didn't know if it was still being maintained. So I went and downloaded the latest version to find that it had the same bug... err.. feature. The feature/bug is the importmotd command, which allows any IRCOp to set the motd to any file on the servers hard-drive(s). Obviously enough, you trust the IRCOps on your server, but does that mean you automatically trust them enough to view any file on your system? I'm not too sure about that. :-) Shoutz to the folks over at USSRLabs :-) Cheers, Andrew Lewis aka. Wizdumb [MDMA] www.mdma.za.net <-- now up :-)
Current thread:
- Updated - Microsoft Security Bulletin (MS00-041), (continued)
- Updated - Microsoft Security Bulletin (MS00-041) Microsoft Product Security (Jul 12)
- Netscape SmartDownload reports file information to AOL John L. Morello (Jul 12)
- RSA Aceserver UDP Flood Vulnerability Gwendolynn ferch Elydyr (Jul 12)
- ftp.pl vulnerability zillion @ safemode (Jul 12)
- ISC DHCP client v2 hole fixed...or not? Pavel Kankovsky (Jul 12)
- cvsweb: remote shell for cvs committers Joey Hess (Jul 12)
- FreeBSD Security Advisory: FreeBSD-SA-00:33.kerberosIV FreeBSD Security Advisories (Jul 12)
- eEye Digital Security ports nmap to Windows NT Marc (Jul 13)
- Lame DoS in WEBactive win65/NT server Prizm (Jul 13)
- Security Bulletins Digest patrick () PINE NL (Jul 13)
- More wIRCSrv stupidity Drew (Jul 13)
- Re: More wIRCSrv stupidity Alex Charalabidis (Jul 13)
- MDKSA-2000:019 cvsweb update Linux Mandrake Security Team (Jul 14)
- BIG BROTHER EXPLOIT Eric Hines (Jul 11)
- Re: Pollit CGI-script opens doors! Max Vision (Jul 11)
- Re: Pollit CGI-script opens doors! Simple Nomad (Jul 11)
- FreeBSD Ports Security Advisory: FreeBSD-SA-00:31.canna [REVISED] FreeBSD Security Advisories (Jul 11)