WircSrv MOTD Read Vulnerability
BID:1472
Info
WircSrv MOTD Read Vulnerability
| Bugtraq ID: | 1472 |
| Class: | Design Error |
| CVE: | |
| Remote: | Unknown |
| Local: | Unknown |
| Published: | Jul 17 2000 12:00AM |
| Updated: | Jul 17 2000 12:00AM |
| Credit: | This vulnerabuility was posted to the Bugtraq mailing list on Thu Jul 13 2000 by Andrew Lewis <[email protected]>. |
| Vulnerable: |
WircSrv IRC Server 5.0.7 s |
| Not Vulnerable: | |
Discussion
WircSrv MOTD Read Vulnerability
Certain versions of WircSrv, a personal IRC server for Windows NT or Windows, have a vulnerability which allows certain users to read files to which they possibly should not have access to. This vulnerability is via a command within the server which is accessible only to pre-authorized IRCop's (moderators for the IRC server). This command is supposed to allow the user to access an MOTD (Message Of The Day) for display inside of the IRC session (displayed to users upon login). However, instead of simply allowiong access to a prearranged file it allows access to any file within the permission range of the user running the server.
Certain versions of WircSrv, a personal IRC server for Windows NT or Windows, have a vulnerability which allows certain users to read files to which they possibly should not have access to. This vulnerability is via a command within the server which is accessible only to pre-authorized IRCop's (moderators for the IRC server). This command is supposed to allow the user to access an MOTD (Message Of The Day) for display inside of the IRC session (displayed to users upon login). However, instead of simply allowiong access to a prearranged file it allows access to any file within the permission range of the user running the server.
Exploit / POC
WircSrv MOTD Read Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
WircSrv MOTD Read Vulnerability
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not ware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].