[15768] in bugtraq
More wIRCSrv stupidity
daemon@ATHENA.MIT.EDU (Drew)
Thu Jul 13 19:08:25 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Message-Id: <001001bfeccc$c3279d20$ba7d1ec4@kungphusion>
Date: Thu, 13 Jul 2000 15:17:22 +0200
Reply-To: Drew <wizdumb@LEET.ORG>
From: Drew <wizdumb@LEET.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
Yo,
I saw USSRLab's post about wIRCSrv. I was considering posting about this
daemon a while ago, but decided against it because I didn't know if it was
still being maintained. So I went and downloaded the latest version to find
that it had the same bug... err.. feature. The feature/bug is the importmotd
command, which allows any IRCOp to set the motd to any file on the servers
hard-drive(s). Obviously enough, you trust the IRCOps on your server, but does
that mean you automatically trust them enough to view any file on your system?
I'm not too sure about that. :-)
Shoutz to the folks over at USSRLabs :-)
Cheers,
Andrew Lewis aka. Wizdumb [MDMA]
www.mdma.za.net <-- now up :-)
