[15781] in bugtraq
Re: More wIRCSrv stupidity
daemon@ATHENA.MIT.EDU (Alex Charalabidis)
Fri Jul 14 14:20:35 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.21.0007131828380.48359-100000@earth.wnm.net>
Date: Thu, 13 Jul 2000 18:41:30 -0500
Reply-To: Alex Charalabidis <alex@WNM.NET>
From: Alex Charalabidis <alex@WNM.NET>
X-To: Drew <wizdumb@LEET.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <001001bfeccc$c3279d20$ba7d1ec4@kungphusion>
On Thu, 13 Jul 2000, Drew wrote:
> Yo,
>
> I saw USSRLab's post about wIRCSrv. I was considering posting about this
> daemon a while ago, but decided against it because I didn't know if it was
> still being maintained. So I went and downloaded the latest version to find
> that it had the same bug... err.. feature. The feature/bug is the importmotd
> command, which allows any IRCOp to set the motd to any file on the servers
> hard-drive(s). Obviously enough, you trust the IRCOps on your server, but does
> that mean you automatically trust them enough to view any file on your system?
> I'm not too sure about that. :-)
>
Indeed, you're beating a dead and decomposed horse. Wircsrv, to the best
of my knowledge, is unmaintained and possibly entered the realm of
abandonware at least two years ago, due to "lack of interest" (I haven't
seen its author for even longer). Given that bugs are unlikely to be
corrected, I recommend that existing installations of it be replaced
with some other irc daemon.
-ac
--
==============================================================
Alex Charalabidis (AC8139) 5050 Poplar Ave, Ste 170
Systems Administrator Memphis, TN 38157
WebNet Memphis (901) 432 6000
Author, The Book of IRC http://www.bookofirc.com/
==============================================================
