[11384] in bugtraq
Re: w00w00's efnet ircd advisory (exploit included)
daemon@ATHENA.MIT.EDU (Adam Herscher)
Mon Aug 16 23:14:11 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <005901bee5e5$171e8460$9732dacf@axis>
Date: Fri, 13 Aug 1999 16:39:29 -0700
Reply-To: Adam Herscher <adam@AXISPRODUCTIONS.COM>
From: Adam Herscher <adam@AXISPRODUCTIONS.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
As "w00w00" so elequently put it, the affected versions of hybrid vulnerable
to this exploit were up to beta 58 only. The hybrid 6 betas have not been
released to the public, and considering that beta 96 was posted to
developers yesterday, nobody should be affected by a beta 58 exploit.
ircd-hybrid is only one of the ircds used on the EFNet, and i believe the
only versions of hybrid6 that are currently approved for efnet use are
betas 73 - 83.
It's beta people - this doesn't affect anybody - don't get your compilers
roaring thinking you're gonna "Fine-tune until you have root" anytime soon
:-)
Adam Herscher (Xref)
Oper - EFNet - irc.inter.net.il
----- Original Message -----
From: Shok <shok@CANNABIS.DATAFORCE.NET>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Friday, August 13, 1999 12:01 AM
Subject: w00w00's efnet ircd advisory (exploit included)
> [http://www.w00w00.org, comments to shok@dataforce.net]
>
> SUMMARY
> efnet ircd hybrid-6 (up to beta 58) have a vulnerability that can allow
> remote access to the irc server. In most cases, you'll gain privileges of
> the 'irc' user.
