[892] in bugtraq
Re: IRC Security Loophole
daemon@ATHENA.MIT.EDU (Silicon Avatar)
Fri Feb 3 20:43:26 1995
Date: Fri, 3 Feb 1995 18:20:49 -0600 (CST)
From: Silicon Avatar <zitz@infinity.ivdev.com>
To: Lorna Leong <lorna@singnet.com.sg>
Cc: bugtraq@fc.net
In-Reply-To: <Pine.3.89.9502031315.C18664-0100000@merlion.singnet.com.sg>

On Fri, 3 Feb 1995, Lorna Leong wrote:
>
> Hi,
>
> I read somewhere that there is a security loophole in IRC. I don't know
> anything else about it but I would like to find out more information
> about this. I heard that information about this IRC loophole can be found
> by FTP at ftp.cert.org, but I couldn't find anything relevant there.

If you are talking about the "jupe" or "grok" hole, it was temporary, and
merely a hacked version of the client floating around at "trusted" sites.
To my knowledge, these "hacks" have been removed and are no longer a threat
(unless someone is propagating these older clients.)

Simply put, you could "CTCP grok [command]" (CTCP being a method of
communication over IRC) someone, and have that command executed,
unknowingly, off the account.

/----------------------------------------------------------------------\
<> Stephan K. Zitz <> My mind is my best friend... <>
<> zitz@infinity.ivdev.com <> And my worst enemy... GABBPUY! <>
<> Integrated Visions -- Watch out, is on its way.... <>
\======================================================================/
GCS/M d-- p c++++ l+++ u++ e+ m-(++) s !n h++ f(++)* !g w+++ t+++ r+ y+(*)
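
A defender-side illustration of the CTCP mechanism described in the message above, added here and not part of the original post: it scans raw IRC protocol lines for CTCP requests (text framed by \x01 inside a PRIVMSG) and reports any verb outside an allowlist, such as the "grok" request mentioned. The allowlist, function name and sample lines are assumptions made for this example.

```python
import re

# Widely implemented CTCP verbs; anything else is treated as unexpected.
# (Assumed allowlist for this example; tune it to the clients you run.)
KNOWN_CTCP = {"ACTION", "CLIENTINFO", "DCC", "ERRMSG", "FINGER",
              "PING", "SOURCE", "TIME", "USERINFO", "VERSION"}

# Raw IRC line: ":nick!user@host PRIVMSG target :text"
LINE_RE = re.compile(
    r"^:(?P<src>\S+) (?P<cmd>PRIVMSG|NOTICE) (?P<dst>\S+) :(?P<text>.*)$")
# CTCP payloads are framed by \x01 inside the message text.
CTCP_RE = re.compile("\x01([^\x01]*)\x01")


def unexpected_ctcp(lines, known=KNOWN_CTCP):
    """Return (source, target, verb, argument) for each CTCP request
    whose verb is not in the allowlist."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.rstrip("\r\n"))
        # Requests travel in PRIVMSG; NOTICE carries replies, so skip it.
        if not m or m.group("cmd") != "PRIVMSG":
            continue
        for payload in CTCP_RE.findall(m.group("text")):
            verb, _, arg = payload.partition(" ")
            if verb and verb.upper() not in known:
                hits.append((m.group("src"), m.group("dst"),
                             verb.upper(), arg))
    return hits


# Constructed sample traffic (nicks, hosts and arguments are made up).
SAMPLE = [
    ":alice!a@host.example PRIVMSG bob :\x01VERSION\x01",
    ":carol!c@host.example PRIVMSG bob :hello there",
    ":mallory!m@host.example PRIVMSG bob :\x01GROK <command>\x01",
    ":alice!a@host.example NOTICE bob :\x01PING 791856000\x01",
    ":dave!d@host.example PRIVMSG #chan :\x01ACTION waves\x01",
]

if __name__ == "__main__":
    for src, dst, verb, arg in unexpected_ctcp(SAMPLE):
        print(f"unexpected CTCP {verb} from {src} to {dst}: {arg!r}")
```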