EFNet ircd Channel Keys Arbitrary Serve Command Vulnerability
BID:2233
Info
EFNet ircd Channel Keys Arbitrary Serve Command Vulnerability
| Bugtraq ID: | 2233 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 11 1996 12:00AM |
| Updated: | Apr 11 1996 12:00AM |
| Credit: | Reported by Roger Espel Llima on April 11, 1996. |
| Vulnerable: |
EFNet ircd 2.8.21 EFNet ircd 2.8 /digi+th EFNet ircd 2.8 /digi EFNet ircd 2.8 +TS |
| Not Vulnerable: | |
Discussion
EFNet ircd Channel Keys Arbitrary Serve Command Vulnerability
A vulnerability has been identified in EFnet versions of the irc daemon (ircd). in the daemon's handling of channel keys.
Properly exploited, a remote attacker can cause the server to send arbitrary strings to any connected server. This can permit the exploiter to perform a number of restricted functions including KILLing (temporarily ejecting) users, create false users and servers, impersonating a channel operator, and entering channels without detection.
Systems prior to 2.8.21 are reported vulnerable.
A patch is available via Web from www.eleves.ens.fr.
http://www.iagora.com/~espel/TS/channel.diff-keybug
A vulnerability has been identified in EFnet versions of the irc daemon (ircd). in the daemon's handling of channel keys.
Properly exploited, a remote attacker can cause the server to send arbitrary strings to any connected server. This can permit the exploiter to perform a number of restricted functions including KILLing (temporarily ejecting) users, create false users and servers, impersonating a channel operator, and entering channels without detection.
Systems prior to 2.8.21 are reported vulnerable.
A patch is available via Web from www.eleves.ens.fr.
http://www.iagora.com/~espel/TS/channel.diff-keybug
References
EFNet ircd Channel Keys Arbitrary Serve Command Vulnerability
References:
References:
- EFNet ircd keybug patch (Roger Espel Llima