Re: IRC problems & other fun?
matthew green (mrg@mame.mu.OZ.AU)
Wed, 12 Oct 1994 15:34:18 +1000
We've had a few account violations at a site I administer, and I believe
that the problem has been pinpointed as being IRC. One user pointed this out
as the access point into his own account, and this seems to be confirmed by
a co-worker who also had his account broken, in apparently the same meathod.
So, the question is -- Have there been any new holes in IRC (the newest non-
beta version... IRCII 2.2.9, I think) discovered recently? I'm aware of the
"ON EXEC" problems, and the like, but the co-worker who's account was broken
ran no scripts, nor executed any command to disable EXEC_PROTECTION or
anything simular (he's a very lightweight IRC user).
I'd -really- like to find the specific meathod of entry here -- Disabling
IRC is really not an option.
as far as i'm aware (as ircii's maintainer) there are no bugs in
a standard 2.2.9 that give this access. there are, however, some
versions that were on various ftp sites that had some backdoors
in them (CTCP GROK and CTCP JUPE are the ones i know about), that
would give someone `control' over the client - which is as good
as giving someone a shell. run
% strings /usr/local/bin/irc | egrep 'JUPE|GROK'
and see if the client has those strings. if so, i'd suggest
getting and installing a new client. (email me if you want to
be sure the client is `clean').
if anyone knows of anything else, i'd really like to know about it.
.mrg.