Re: IRC problems & other fun?

Lawrence C Mc Abee (lcm@intac.com)
Tue, 11 Oct 1994 23:13:05 -0400

In message <199410120028.AA04930@lupine.org>, "That Whispering Wolf..." stated:
>
>We've had a few account violations at a site I administer, and I believe 
>that the problem has been pinpointed as being IRC. One user pointed this out
>as the access point into his own account, and this seems to be confirmed by
>a co-worker who also had his account broken, in apparently the same method.
>
>So, the question is -- Have there been any new holes in IRC (the newest non-
>beta version... IRCII 2.2.9, I think) discovered recently? I'm aware of the
>"ON EXEC" problems, and the like, but the co-worker whose account was broken
>ran no scripts, nor executed any command to disable EXEC_PROTECTION or 
>anything similar (he's a very lightweight IRC user).
>
>I'd -really- like to find the specific method of entry here -- Disabling
>IRC is really not an option.
>
>Anyone have ideas?

A while back the IRC main US ftp site, cs-pub.bu.edu was broken into
and the irc clients there were replaced with code that had a back door.

If you got the code that you now run in say early summer, 1994, you may
want to grab new source and recompile.

Normal 2.2.9 code has no backdoors that I am aware of, of course as you
stated, 'on exec' is a constant problem. You could hack exec out of the
code you install as your system client.

				Mac.

--
Lawrence C. Mc Abee <lcm@intac.com>|The United States:
Operations Staff.      1800-50INTAC| Not the world's policeman..
INTAC Access Corporation.          | more like the world's big brother.
PGP Key:http://www.intac.com/~lcm  |