IRC News

All about Internet Relay Chat

IRC Defender arbitrary code execution exploit

Yesterday, news broke of an arbitrary code execution flaw in the still-popular IRC security service IRC Defender that, according to the reporter, is being actively exploited.

The flaw is said to be in the InspIRCd link module, for which a patched version exists, but according to the original post to the IRC-Security mailing list there are more flaws in the InspIRCd link module and also in the UnrealIRCd link module.

The original poster on the mailing list suggests getting rid of IRC Defender immediately and replacing it with something else (have a look at Omega Security Services), and also checking for signs of recent intrusions that took place on or after 15th November. He also urges operators to look out for rogue entries in ~/.ssh/authorized_keys and for suspicious processes.
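One way to carry out the authorized_keys check suggested above, as an added example that is not part of the original post or the mailing list advisory: it compares every key in each account's authorized_keys against an allowlist of known-good key blobs and reports files modified after a cutoff. The allowlist format, the function names, the /home default and the usage path are assumptions.

```shell
#!/bin/sh
# Added example: audit authorized_keys files against a known-good allowlist.
# ALLOWLIST format (assumption): one base64 public-key blob per line.

# Print "lineno keytype blob comment" for each key entry in FILE ($1).
# Entries may begin with options (command="...", no-pty), so scan for the
# first field that looks like a key type; the blob is the field after it.
list_keys() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                print NR, $i, $(i + 1), $(i + 2); break
            }
    }' "$1"
}

# Report every key in FILE ($1) whose blob is missing from ALLOWLIST ($2).
unknown_keys() {
    list_keys "$1" | while read -r n type blob comment; do
        grep -qxF -- "$blob" "$2" ||
            echo "$1:$n: unlisted $type key ${comment:-(no comment)}"
    done
}

# Succeed if FILE ($1) changed after CUTOFF ($2, touch -t form CCYYMMDDhhmm).
# mtime is only a hint: an intruder can reset it, so an old mtime clears nothing.
modified_since() {
    ref=$(mktemp) || return 2
    touch -t "$2" "$ref"
    changed=$(find "$1" -newer "$ref")
    rm -f "$ref"
    [ -n "$changed" ]
}

# Audit all accounts under HOME_ROOT ($3, default /home is an assumption).
audit_all() {
    for f in "${3:-/home}"/*/.ssh/authorized_keys; do
        [ -f "$f" ] || continue
        modified_since "$f" "$2" && echo "$f: modified after cutoff $2"
        unknown_keys "$f" "$1"
    done
}

# Usage (hypothetical allowlist path; cutoff is the start of the chosen day):
#   audit_all /root/known_keys.txt CCYYMMDDhhmm
```

Run it as root so every account's file is readable, and build the allowlist from a trusted copy of the keys rather than from the host being checked.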

So far, at least three networks seem to have been exploited through this flaw. The highest-profile victim so far seems to be the AnonOps network, whose hack also seems to have been possible due to that flaw, contrary to the rumored Anope 0-day.

The original post on the IRC-Security mailing list is here (needs registration).

Thanks to alyx for the tip etc!

The patched link module can be obtained from here.

  • Jappy says:

    omega security service is not available anymore.

    December 15, 2011 at 7:59 pm
  • phrozen77 says:

    [quote comment="4296"]omega security service is not available anymore .[/quote]

    True – seems the domain is currently expired, though it seems there’s still hope for it to be renewed.

    December 15, 2011 at 9:57 pm
  • Jappy says:

    Back on business :-)

    December 31, 2011 at 1:48 pm
