[11054] in bugtraq
Re: ircd exploit in ircu based code (fwd)
daemon@ATHENA.MIT.EDU (Matt Hallacy)
Sat Jul 17 02:40:29 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.05.9907152038030.24848-100000@cybernet.ings.com>
Date: Thu, 15 Jul 1999 20:42:49 -0500
Reply-To: Matt Hallacy <poptix@INGS.COM>
From: Matt Hallacy <poptix@INGS.COM>
X-To: Andrea Cocito <blackye@UNDERNET.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <l03130300b3b2cc48870f@[212.216.231.68]>
Nemesi, this is present in 2.10.06, lulea-r, ann-arbor, plano, Gothenburq,
and toronto are for sure suseptible (they crashed, heh) and thus the
reason for the latest patch to the repository, nullchan.patch.
It was fixed and patches were submitted to undernet-admins@undernet.org 3
or 4 days ago, and since the public posting of it the nullchan.patch was
sent to coder-com@undernet.org and the patch was added to the CVS.
Other networks suseptible:
BeyondIRC (fixed already)
Oz.Org (Ex section of Undernet in Austraila)
AfterNET
AsianNET
and any other irc network based on 2.9.30 or so (including 2.10.x)
On Thu, 15 Jul 1999, Andrea Cocito wrote:
> As of now I can't even find this bug in the oldest versions of our code,
> for sure isn't there in u2.10.06, I still have to check on the previous
> 2.10.05 that is still packaged in some Linux/BSD distributions.
>
> Would you please let me know in what version of the Undernet's code you
> found it and, in case there is still a way to core the current servers
> report the way to exploit it on bugs@undernet.org ?
>
> We would appreciate a lot if any bug that can cause a server coredump
> is reported on bugs@undernet.org with a few days of advantage respect
> to the other public lists... so we can fix it on te fly (we happen to
> have a living network with 38k users on it...).
>
> Thanks a lot,
>
> Andrea aka Nemesi,
>
> Undernet's coder committee.
>
