IRC-Junkie.org – IRC News

Last month a new bug have been found in IRCu family IRCd’s which can be exploited leading to a crashing server.

In this post on Milw0rm the bug and exploit is explained. IRCu (<= 2.10.12.12) and many derivatives are affected.

IRC-Junkie asked Slug, who found the bug and described it on Milw0rm, how he found the bug. “Core dump from one of our servers,” Slug starts. “send_user_mode in s_user.c does not check that the argument after a +r mode is present, if it is not than the NULL sentinel may be missed, causing the function to iterate over the boundary of the array.”

One way to exploit the bug would be using the command with string /mode nickname i i i i i i i i i i i i i i i r r r r s. Doing so would core the server.

Only cure is to upgrade to the latest version of the IRCd with fix for this exploit.

Last month a new bug have been found in IRCu family IRCd's which can be exploited leading to a crashing server. In this post on Milw0rm the bug and exploit is explained. IRCu (<= 2.10.12.12) and many derivatives are affected. IRC-Junkie asked Slug, who found the bug and described it on Milw0rm, how he found the ...

Related posts:

1. GameSurge tests new IPv6 code in ircu "Our development committee is currently testing our new IPv6 IRC...
2. XChat Author Warns for Firefox Exploit A second more serious security issue has been discovered which...
3. freenode testing a new IRCd freenode, the network hosting the channels for many free /...
4. mIRC Local DCC Issue: Exploit, Vulnerability or Neither? mIRC has seen issues with DCC exploits in the past....
5. UnrealIRCd updates their IRCd to 3.2.8.1 The UnrealIRCd project released a bugfix release of version 3.2.8...

Tags: Hack, IRC, IRCu

This entry was posted on Wednesday, April 9th, 2008 at 10:46 pm and is filed under Hack, IRC, IRCd. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.