[8610] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Old IRC Client bug Re-Applied

daemon@ATHENA.MIT.EDU (Security Admin)
Fri Nov 20 14:30:29 1998

Date: 	Thu, 19 Nov 1998 02:44:53 +0000
Reply-To: Security Admin <admin@ATECH.ORG>
From: Security Admin <admin@ATECH.ORG>
X-To:         "rewt@midsouth.rr.com" <rewt@MIDSOUTH.RR.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199811121221.NAA09327@dt050nac.midsouth.rr.com>

As far as I knew, Pirch development was discontinued quite sometime ago
(although going to the official home page now reveals they've got a new
domain), so if thats the case, fixing this bug will be up to the
individual user.. although the VAST majority of windows IRC users use mIRC
anyway...

-pat

On Thu, 12 Nov 1998, rewt@midsouth.rr.com wrote:

> If this has already been announced, well, screw me.
>
> Problem:
> The IRC (Internet Relay Chat) Client, pIRCh automatically assigns
> your main pirch directory to where DCC downloads are sent.
>
> Exploit:
> You can replace someone's script file with a malicious one,
> therefore recieving control over an ignorant irc tenant. This can be
> done by sending a replacement file via DCC to the user. Most
> people could tell the user that it was something cool, and they
> would accept it.
>
> Fix:
> Simply goto Tools.. then Preferences. Flip to the DCC tab and
> change your default DCC recieve directory to something that is not
> the main pIRCh directory.
>
> Tested On:
> pIRCh32 0.92
> If there's a new version out that fixes it, well crap, I'm sorry for
> taking up your time.
>
> Cheers,
> REwT <rewt@midsouth.rr.com>
> PaKT-TeCH Sekurity | REwT Technologies
>

home help back first fref pref prev next nref lref last post