September 26, 2007

Multiple Vulnerabilities In IRCu?

A security researcher has posted an extensive list of vulnerabilities that he alleges exist in Ircu, the open source IRC server that Undernet and other networks use.

None of these bugs can be abused for arbitrary code execution. Two are about crashing a server, one is about exposing IP addresses, and the effects of the others stay within IRC: they allow clients to get more privileges on the IRC network than they are supposed to have.
Some of these vulnerabilities only affect servers with oplevels or zannels enabled, which was the default (but not anymore). Oplevels (A/Upass) is a feature that allows the creator of a new channel to set passwords on it that, when used to join, automatically give ops. Zannels is a feature introduced in 2.10.12.02 that keeps empty channels alive for a while instead of destroying them immediately, to avoid A/U passwords being set on a channel that was only empty for a short time.

Zannels was enabled on Undernet on some servers for a short time and then disabled because of the trouble it caused. Oplevels never were enabled.

Multiple vulnerabilities in ircu

Posted in IRC News by #!/usr/bin/geek at 2007-09-26 01:56 ET (GMT-5)
