The flaw is said to be within the InspIRCd link module for which a patched version exists, but according to the original post to the IRC-Security mailinglist there are more flaws within the InspIRCd link module and also within the UnrealIRCd link module.

The original poster on the mailinglist suggests to get rid of IRC Defender immediately and to replace it with something else (have a look at Omega Security Services) and also to check for signs of recent intrusions which have taken place on or after 15th November. He also urges to look out for rogue entries in ~/.ssh/authorized_keys and look for suspicious processes.

So far, at least three networks seem to have been exploited due to this flaw – the highest profile victim so far seems to be the hack of the AnonOps network which also seems to have been possible due to that flaw – contrary to the rumored Anope 0-day.

Original post on the IRC-Security mailinglist is here (needs registration).

Thanks to alyx for the tip etc!

The patched inspircd12.pm link module can be obtained from here.

  Copyright secured by Digiprove

IRC Defender arbitrary code execution exploit is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. IRC Defender 1.5 Released
2. IRC Defender Back Under Development
3. IRCu Family IRCd DoS Exploit

After 2 release candidates and with 212 changes and bugfixes – almost the same amount as the last three stable releases combined – among which is a “substantial amount of new features” as Syzop writes in their announcement.

He thanks everyone that made this release possible but especially mentions binki who did a “considerable amount of work to make this release possible”.

And indeed, there is a large amount of changes – for example:

• Extended Bans (new modes introduced, ban stacking behaviour)
• Extended Invite Exceptions / Invex
• New Channelmode +Z which works in conjunction with +z (SSL only) and is set once every joined user is on SSL which might not be the case during netsplits/-joins
• Remote MOTD support
• Remote includes caching so that an old version of a remote include is loaded in case the webserver containing the include is down
• /rehash -global – rehashes all servers at once
• STARTTLS – connect to a “regular” port SSL encrypted
• IPv6 clones detection support, defaults to /64

A small excerpt of the bugs that have been fixed:

• Low connection frequencies (connfreq) no longer pose a problem due to reworking the corresponding code
• IPv6 related fixes
• an obscure crash bug that only occured rarely on outgoing connects

Work on UnrealIRCd 3.3 already has begun and is, according to development plans, the replacement for the often retried and ultimately failed rewrite which was to be released as UnrealIRCd 4.

The release announcement can be found here and the full changelog for changes since UnrealIRCd 3.2.8.1 is here (you need to scroll all the way down).

  Copyright secured by Digiprove

UnrealIRCd 3.2.9 – New stable version after 2 years is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. UnrealIRCd 3.2.8-rc1 is ready for testing
2. InspIRCd stable 1.2.3 released
3. UnrealIRCd updates their IRCd to 3.2.8.1

Earlier this week, Jon Lusky released a new version of ircd-hybrid. The version number has now reached 7.3.0. Among the changes you find a new Bulgarian translation, a fixed IPv6 implementation and channel modes O and S for opers-only respective SSL/TLS-only clients. Server administrators now get to choose whether they want to use SSLv3 or TLSv1 to secure connections. All spy-notice modules that previously covered reports for usage of STATS, TRACE, MOTD and ADMIN have been replaced by server-sided notices. The old LazyLinks concept has now been removed, as it was half broken. The WATCH command known from UnrealIRCd and Bahamut has been added. In addition to that, a few minor cleanups and bugs leading to crashes have been fixed.

Hybrid is used together with Ratbox (which is a fork) and CSIRCd on both EFnet and IRCsource. It has been forked many times and it’s known for its stability and quality of code.

By looking at the SVN repository it seems like the developer team behind Hybrid is working towards a 8.0 release, featuring better services support while still keeping simplicity.

  Copyright secured by Digiprove

Hybrid releases 7.3.0 is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. IRCd-Hybrid derivate “esphyb” releases version 1.0.4 [Updated]
2. InspIRCd releases 1.2.0rc2 “PepperSteik”
3. Anope releases 1.8.0-stable of their IRC services package

Most clients today provide some sort of graphical user interface or come with an ASCII-based interface. And while the latter, CLI-based clients, are commonly thought to be the most basic variant of an IRC client, i was surprised to find a client that manages to be even more plain: ii or IRC IT.

ii is a “minimalist FIFO and filesystem-based IRC client”, meaning every channel, private message and other server communication is represented by a directory containing an in and an out file.

Even though its sourcecode is just under 500 lines, it supports the most basic commands like joining and parting, changing nickname and setting topics. All other commands currently not understood by ii can be written as per the RFC and will get sent directly to the server then.

Using standard Linux/Unix commandline-tools like echo, cat, tail and grep you can control IRC IT which almost behaves like a normal IRC client then.

Join a channel? Sure, just echo “/j #yourchannelname” > servernamedir/in and you’ll join that channel, creating an out file you can monitor with tail -f.

ii Channelview

After a little while, your directory structure will look like this:

ii Treeview

Users of the vim editor who always looked envious at the Emacs editor because of its built-in IRC client ERC – fret not: This blog-post details how to configure vim to be used as an IRC client in combination with ii.

So if you feel like trying something new, grab ii from here and after a fast and hassle-free compiler-run you’re up and running – Who knows, maybe you’ve got a favourite new IRC client?

  Copyright secured by Digiprove

ii – A Filesystem-based IRC Client is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. KDE IRC client Konversation releases version 1.2.3
2. Yaaic – Yet another Android IRC client 0.1 Beta released
3. IRC client Nettalk 6.7.4 released

The bug, triggered by inserting carriage returns (r) into DCC GET commands, can be used to execute every command the IRCd understands in the context of the user running the vulnerable client instance.

To check if your version is exploitable you can either take a look at the “About KVIrc” tab under “Help” and check the revision or execute the following command on IRC:

/echo $version

To make matters worse, whole channels can be exploited at once if they don’t have a mode set that disallows CTCPing them.

A quick workaround is to execute the following command, effectively preventing those “failed” DCC handshakes to be notified and disabling the bug:

/option boolNotifyFailedDccHandshakes 0

To see if you’ve already been exploited you can take a look in your server window and search for lines that look similar to these:

[01:27:46] Processing DCC GET PRIVMSG #kvirc :I’m owned
request from ATTACKER [ATTACKER@HOSTNAME] (DCC GETrPRIVMSG40#kvirc40:I’m40ownedr)
[01:27:46] Unable to process the above request: Unknown DCC type ‘GET PRIVMSG #KVIRC :I’M OWNED ‘, Ignoring and notifying failure

Updated builds of KVIrc are available on their homepage – some distributions also already have updated builds in their repository. If you can’t update because your distribution is not among the one with updated builds, the workaround helps to not fall prey to any possible attackers.

Original report on KVIrc bugtracker
Advisory on Secunia.com

  Copyright secured by Digiprove

KVIrc 3.x and 4.x Remote Command Execution Vulnerability is a post from: IRC-Junkie.org - IRC News

This post is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Deutschland license.

Related posts:

1. KVIrc 3.4.0 irc:// URI handler format string vulnerability – reloaded
2. BNC 2.8.9 remote buffer overflow
3. KVIrc 3.4.2 URI handler in combination with IE exploitable [Updated]