[8530] in bugtraq

home help back first fref pref prev next nref lref last post

Old IRC Client bug Re-Applied

daemon@ATHENA.MIT.EDU (rewt@midsouth.rr.com)
Fri Nov 13 13:30:28 1998

Date: 	Thu, 12 Nov 1998 11:20:56 -0600
Reply-To: "rewt@midsouth.rr.com" <rewt@MIDSOUTH.RR.COM>
From: "rewt@midsouth.rr.com" <rewt@MIDSOUTH.RR.COM>
To: BUGTRAQ@NETSPACE.ORG

If this has already been announced, well, screw me.

Problem:
The IRC (Internet Relay Chat) Client, pIRCh automatically assigns
your main pirch directory to where DCC downloads are sent.

Exploit:
You can replace someone's script file with a malicious one,
therefore recieving control over an ignorant irc tenant. This can be
done by sending a replacement file via DCC to the user. Most
people could tell the user that it was something cool, and they
would accept it.

Fix:
Simply goto Tools.. then Preferences. Flip to the DCC tab and
change your default DCC recieve directory to something that is not
the main pIRCh directory.

Tested On:
pIRCh32 0.92
If there's a new version out that fixes it, well crap, I'm sorry for
taking up your time.

Cheers,
REwT <rewt@midsouth.rr.com>
PaKT-TeCH Sekurity | REwT Technologies

home help back first fref pref prev next nref lref last post