[8610] in bugtraq
Re: Old IRC Client bug Re-Applied
daemon@ATHENA.MIT.EDU (Security Admin)
Fri Nov 20 14:30:29 1998
Date: Thu, 19 Nov 1998 02:44:53 +0000
Reply-To: Security Admin <admin@ATECH.ORG>
From: Security Admin <admin@ATECH.ORG>
X-To: "rewt@midsouth.rr.com" <rewt@MIDSOUTH.RR.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199811121221.NAA09327@dt050nac.midsouth.rr.com>
As far as I knew, Pirch development was discontinued quite sometime ago
(although going to the official home page now reveals they've got a new
domain), so if thats the case, fixing this bug will be up to the
individual user.. although the VAST majority of windows IRC users use mIRC
anyway...
-pat
On Thu, 12 Nov 1998, rewt@midsouth.rr.com wrote:
> If this has already been announced, well, screw me.
>
> Problem:
> The IRC (Internet Relay Chat) Client, pIRCh automatically assigns
> your main pirch directory to where DCC downloads are sent.
>
> Exploit:
> You can replace someone's script file with a malicious one,
> therefore recieving control over an ignorant irc tenant. This can be
> done by sending a replacement file via DCC to the user. Most
> people could tell the user that it was something cool, and they
> would accept it.
>
> Fix:
> Simply goto Tools.. then Preferences. Flip to the DCC tab and
> change your default DCC recieve directory to something that is not
> the main pIRCh directory.
>
> Tested On:
> pIRCh32 0.92
> If there's a new version out that fixes it, well crap, I'm sorry for
> taking up your time.
>
> Cheers,
> REwT <rewt@midsouth.rr.com>
> PaKT-TeCH Sekurity | REwT Technologies
>