IRC-Junkie.org – IRC News

All about Internet Relay Chat

UnrealIRCd 3.2.9 – New stable version after 2 years

UnrealIRCd, the IRCd that still dominates the usage statistics of all IRCds, has seen another stable release and is now at version 3.2.9.

The release follows 2 release candidates and contains 212 changes and bugfixes, almost the same amount as the last three stable releases combined, among which is a “substantial amount of new features”, as Syzop writes in their announcement.

He thanks everyone that made this release possible but especially mentions binki who did a “considerable amount of work to make this release possible”.

And indeed, there is a large number of changes – for example:

  • Extended Bans (new modes introduced, ban stacking behaviour)
  • Extended Invite Exceptions / Invex
  • New Channelmode +Z which works in conjunction with +z (SSL only) and is set once every joined user is on SSL which might not be the case during netsplits/-joins
  • Remote MOTD support
  • Remote includes caching so that an old version of a remote include is loaded in case the webserver containing the include is down
  • /rehash -global – rehashes all servers at once
  • STARTTLS – connect to a “regular” port SSL encrypted
  • IPv6 clones detection support, defaults to /64

A small excerpt of the bugs that have been fixed:

  • Low connection frequencies (connfreq) no longer pose a problem due to reworking the corresponding code
  • IPv6 related fixes
  • an obscure crash bug that only occurred rarely on outgoing connects

Work on UnrealIRCd 3.3 has already begun; according to development plans, it is the replacement for the often retried and ultimately failed rewrite which was to be released as UnrealIRCd 4.

The release announcement can be found here and the full changelog for changes since UnrealIRCd 3.2.8.1 is here (you need to scroll all the way down).

  Copyright secured by Digiprove

Hybrid releases 7.3.0

Earlier this week, Jon Lusky released a new version of ircd-hybrid. The version number has now reached 7.3.0. Among the changes you find a new Bulgarian translation, a fixed IPv6 implementation and channel modes O and S for opers-only and SSL/TLS-only clients respectively. Server administrators now get to choose whether they want to use SSLv3 or TLSv1 to secure connections. All spy-notice modules that previously covered reports for usage of STATS, TRACE, MOTD and ADMIN have been replaced by server-sided notices. The old LazyLinks concept has now been removed, as it was half broken. The WATCH command known from UnrealIRCd and Bahamut has been added. In addition to that, a few minor cleanups have been made and bugs leading to crashes have been fixed.

Hybrid is used together with Ratbox (which is a fork) and CSIRCd on both EFnet and IRCsource. It has been forked many times and it’s known for its stability and quality of code.

Looking at the SVN repository, it seems like the developer team behind Hybrid is working towards an 8.0 release, featuring better services support while still keeping simplicity.


ii – A Filesystem-based IRC Client

There are many different IRC clients out there and no matter what your preferences are, you’re almost guaranteed to find one that will suit your needs.

Most clients today provide some sort of graphical user interface or come with an ASCII-based interface. And while the latter, CLI-based clients, are commonly thought to be the most basic variant of an IRC client, I was surprised to find a client that manages to be even more plain: ii or IRC IT.

ii is a “minimalist FIFO and filesystem-based IRC client”, meaning every channel, private message and other server communication is represented by a directory containing an in and an out file.

Even though its sourcecode is just under 500 lines, it supports the most basic commands like joining and parting, changing nickname and setting topics. All other commands currently not understood by ii can be written as per the RFC and will get sent directly to the server then.

Using standard Linux/Unix commandline-tools like echo, cat, tail and grep you can control IRC IT which almost behaves like a normal IRC client then.

Join a channel? Sure, just echo "/j #yourchannelname" > servernamedir/in and you’ll join that channel, creating an out file you can monitor with tail -f.

ii Channelview


After a little while, your directory structure will look like this:

ii Treeview


Users of the vim editor who always looked enviously at the Emacs editor because of its built-in IRC client ERC – fret not: This blog-post details how to configure vim to be used as an IRC client in combination with ii.

So if you feel like trying something new, grab ii from here and after a fast and hassle-free compiler-run you’re up and running – Who knows, maybe you’ve got a favourite new IRC client?


KVIrc 3.x and 4.x Remote Command Execution Vulnerability

All current versions of the KVIrc IRC client contain a remotely exploitable command execution vulnerability, including builds of KVIrc 4 from subversion up to revision 4692 as well as the older 3.x versions.

The bug, triggered by inserting carriage returns (\r) into DCC GET commands, can be used to execute every command the IRCd understands in the context of the user running the vulnerable client instance.

To check if your version is exploitable you can either take a look at the “About KVIrc” tab under “Help” and check the revision or execute the following command on IRC:

/echo $version

To make matters worse, whole channels can be exploited at once if they don’t have a mode set that disallows CTCPing them.

A quick workaround is to execute the following command, which stops KVIrc from notifying the sender about those “failed” DCC handshakes and thereby disables the bug:

/option boolNotifyFailedDccHandshakes 0

To see if you’ve already been exploited you can take a look in your server window and search for lines that look similar to these:

[01:27:46] Processing DCC GET PRIVMSG #kvirc :I’m owned
request from ATTACKER [ATTACKER@HOSTNAME] (DCC GET\rPRIVMSG\40#kvirc\40:I’m\40owned\r)
[01:27:46] Unable to process the above request: Unknown DCC type ‘GET PRIVMSG #KVIRC :I’M OWNED ‘, Ignoring and notifying failure
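The log search described above can be automated. The following is an added example, not code from KVIrc or from the original post: it scans a saved server-window log for DCC requests whose raw CTCP payload carries an escaped carriage return or line feed and reports the sender and the smuggled command. It assumes the log shows the payload with \r and \NNN (octal) escapes as in the lines above; the function names and the sample log (the quoted lines plus one constructed benign request) are illustrative.

```python
import re

# Constructed sample log: one benign request (format assumed) followed by
# the three lines quoted in the article.
SAMPLE_LOG = r"""[01:27:40] Processing DCC SEND request from friend [friend@example.net] (DCC SEND file.txt 2130706433 4000 120)
[01:27:46] Processing DCC GET PRIVMSG #kvirc :I'm owned
request from ATTACKER [ATTACKER@HOSTNAME] (DCC GET\rPRIVMSG\40#kvirc\40:I'm\40owned\r)
[01:27:46] Unable to process the above request: Unknown DCC type 'GET PRIVMSG #KVIRC :I'M OWNED ', Ignoring and notifying failure
"""

# "request from NICK [USER@HOST] (raw CTCP payload)"
REQUEST = re.compile(r"request from (\S+) \[([^\]]*)\] \((DCC .*)\)\s*$")
ESCAPE = re.compile(r"\\([0-7]{2,3}|[rn])")


def unescape(raw):
    """Turn the log's \\r, \\n and \\NNN (octal) escapes back into characters."""
    def repl(match):
        token = match.group(1)
        return {"r": "\r", "n": "\n"}.get(token) or chr(int(token, 8))
    return ESCAPE.sub(repl, raw)


def find_injections(log_text):
    """Return one record per DCC request whose payload contains extra lines."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        nick, userhost, raw = match.groups()
        # A legitimate DCC request is a single line; anything after a CR/LF
        # is a separate IRC command the sender tried to smuggle in.
        parts = [p for p in re.split(r"[\r\n]+", unescape(raw)) if p.strip()]
        if len(parts) > 1:
            hits.append({"nick": nick, "userhost": userhost,
                         "dcc": parts[0], "injected": parts[1:]})
    return hits


if __name__ == "__main__":
    for hit in find_injections(SAMPLE_LOG):
        print(f"{hit['nick']} ({hit['userhost']}) injected: {hit['injected']}")
```
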

Updated builds of KVIrc are available on their homepage – some distributions also already have updated builds in their repository. If you can’t update because your distribution is not among those with updated builds, the workaround helps you avoid falling prey to any possible attackers.

Original report on KVIrc bugtracker
Advisory on Secunia.com


mIRC 7.1 Final is out

The “mIRC Unicode project” was successful it seems and Khaled Mardam-Bey just released version 7.1 of his famous IRC client.

The project to convert mIRC to Unicode has taken almost two years of development and testing and has required tens of thousands of changes to 150,000+ lines of source code. This has been the most complex and time-consuming update to mIRC since it was created in 1995, when it started out as a non-Unicode, 16-bit, Windows 3.1 application.

Judging by the changelog, well over 180 bugfixes and feature enhancements have been made since mIRC 6.35, so it comes as no surprise that, according to Khaled, “many areas of mIRC have had to be updated or re-written”, which should result in it “being faster, more stable, and more compatible with the latest versions of Windows”.

Aside from being converted to Unicode, the client gained a few new features too:

mIRC now supports configuration via UPnP which automatically opens ports for DCC on compatible routers and you may put it into full distraction fullscreen mode with the F11 key, starting from Beta 6.

You can take a look at the history of changes either on our own posting here or in the changelog that is supplied with the client itself which is available from the usual location, here.

Thanks for the tip go to wayne!
