[11342] in bugtraq
Re: [Bugs] Fw: IRC: Exploit for a Bug in ircd2.10.x (qident)
daemon@ATHENA.MIT.EDU (Andrea Cocito)
Wed Aug 11 00:32:32 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <l03130300b3d5b7126a7b@[212.216.224.227]>
Date: Tue, 10 Aug 1999 13:07:26 +0200
Reply-To: Andrea Cocito <blackye@UNDERNET.ORG>
From: Andrea Cocito <blackye@UNDERNET.ORG>
X-To: Simon Coggins <simon@oz.org>, bugs@undernet.org
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <004a01bee2c2$a8cf18f0$1d6438cb@Cola>

Hi there,

At 1:55 +0200 10-08-1999, Simon Coggins wrote:
>I'm sure you're all on the list but just in case.
>
>----- Original Message -----
>From: <psychoid@GMX.NET>
>> qident does not check successfully for spaces and characters
>> as like *, ! and @.
>>
>> When using an ident as like "@o ! ! !", o would be treated as
>> host, the parameters which are left, would be enhanced by the number of
>> spaces provided by the ident.

Thanks for the report, no I am not on bugtraq, I rely on
people in there contacting us to forward what's relevant ;)

As reported I don't think this problem exists on undernet's
codebase, since version .02 or such the reply of ident is
strongly checked and allows a very restricted set of chars,
dropping off (either by replacing them with _ or by forcing
them to terminate the userid) basically any non plain ascii
char and any char that has a special meaning to the irc
protocol.

Should something have slipped out of the checks.. just report
it to me and it will be fixed on the fly, as of now I think that
Undernet's ircu is safe from this kind of exploit.

Regards,
Andrea aka Nemesi
Undernet's coders committee.

[P.S.: Why are there on bugtraq 50 persons unable to tell their
"vacation" message not to be sent to the posters of the mailing
lists? Lameness....]
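
An added example, not part of the original post and not ircu's own code: one way to apply the kind of filter the message describes to an ident (RFC 1413) userid before it is placed into IRC messages. The allowed set, the split between characters that are replaced with `_` and characters that terminate the userid, `USERLEN`, and the name `sanitize_ident` are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define USERLEN 10  /* assumed maximum userid length */

/* Assumed policy: bytes that end the userid are the separators with
 * meaning in IRC messages and prefixes, plus any control character. */
static int terminates(unsigned char c)
{
    return c == ' ' || c == '@' || c == '!' || c == ':' || c < 0x20 || c == 0x7f;
}

/* Assumed policy: plain ASCII alphanumerics and . - _ are copied
 * unchanged; every other byte (e.g. '*', non-ASCII) becomes '_'. */
static int allowed(unsigned char c)
{
    return (c < 0x80 && isalnum(c)) || c == '.' || c == '-' || c == '_';
}

/* Writes the filtered userid to out and returns its length.
 * A return of 0 means the reply is unusable: treat as "no ident". */
size_t sanitize_ident(const char *reply, char *out, size_t outlen)
{
    size_t n = 0;
    if (outlen == 0) return 0;
    while (*reply && n < USERLEN && n + 1 < outlen) {
        unsigned char c = (unsigned char)*reply++;
        if (terminates(c)) break;
        out[n++] = allowed(c) ? (char)c : '_';
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample replies; "@o ! ! !" is the ident quoted in the report. */
    const char *samples[] = { "alice", "@o ! ! !", "bob*x", "eve!root@host" };
    char buf[USERLEN + 1];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        size_t n = sanitize_ident(samples[i], buf, sizeof buf);
        printf("%-16s -> %s\n", samples[i], n ? buf : "(rejected, no ident)");
    }
    return 0;
}
```

With this policy the ident from the report yields an empty userid, so neither the injected host nor the extra space-separated parameters reach the server's message parser.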