[9913] in bugtraq
Re: Bug in IRC services
daemon@ATHENA.MIT.EDU (Taral)
Fri Mar 12 21:52:49 1999
Date: Fri, 12 Mar 1999 19:35:06 -0600
Reply-To: Taral <taral@CYBERJUNKIE.COM>
From: Taral <taral@CYBERJUNKIE.COM>
X-To: fractalg <fractalg@lidernet.pt>
To: BUGTRAQ@NETSPACE.ORG
On Fri, 12 Mar 1999, fractalg wrote:
>Hello,
>I've just found a big hole in services provided by IRC networks. The
>services in question are Chanserv, Nickserv, Memoserv.
>I've found them at Portuguese IRC Network aka PTNET but I think these can be
>applied to other IRC networks that are based around DALNET code since PTNET
>is a modified version of Dalnet code. If this doesn't work in other IRC
>networks at least can be a good example of very bad programming in areas
>related to security and networking.
Not true. DALnet never released their services code. These are all CLONES.
>So it came the new version of the servers this time with a nice feature !
>You didnt need to identify the nick when the servers rejoined from the
>split ! The first time I saw this I tought about how would the services
>recognize me as the true nick before the split... I never had the chance to
>test this theory until some days ago.
Well, DALnet uses IDs and the like, and is most probably not susceptible to
this. I really wish people would do more research before putting out junk like
this. I doubt that this person even informed PTNET that their services had a
bug.
Taral
