IRC-Junkie.org – IRC News

All about Internet Relay Chat

Atheme NickServ CertFP Vulnerability

A security vulnerability related to certificate fingerprints has been found in the Atheme IRC services package.

All versions that have CertFP functionality are affected: 5.2.x, 6.x and the current testing release, 7.x.

The vulnerability is triggered when a NickServ account that has a CertFP entry attached to it is dropped or expires: the entry is not cleaned up when the user account is deleted.

This leaves the CertFP entry in limbo, and it may end up pointing to another account, which makes it possible to identify as another user via that certificate fingerprint.

Atheme maintainer nenolod released an update for all currently maintained versions of the services package, so it is advised that you upgrade your IRC services immediately.

The advisory can be found here and the original bug report can be found here.
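
A simplified model of the stale CertFP entry described above, as an added example that is not Atheme's code. It assumes accounts live in reusable slots and that a CertFP entry refers to its owner by slot; all names and the fingerprint value are constructed.

```c
#include <stdio.h>
#include <string.h>
/* Toy model, not Atheme code: accounts live in reusable slots and each
   CertFP entry records the slot of the account that owns it. */
enum { SLOTS = 4, FPS = 8 };
static const char *accounts[SLOTS];                        /* NULL = free slot */
static struct { const char *fp; int slot; } certfps[FPS];  /* fp NULL = free */

static int account_register(const char *name) {
    for (int i = 0; i < SLOTS; i++)
        if (!accounts[i]) { accounts[i] = name; return i; }
    return -1;
}
static int certfp_add(int slot, const char *fp) {
    for (int i = 0; i < FPS; i++)
        if (!certfps[i].fp) { certfps[i].fp = fp; certfps[i].slot = slot; return 0; }
    return -1;
}
/* Account name this fingerprint identifies as, or NULL if none. */
static const char *certfp_login(const char *fp) {
    for (int i = 0; i < FPS; i++)
        if (certfps[i].fp && strcmp(certfps[i].fp, fp) == 0)
            return accounts[certfps[i].slot];
    return NULL;
}
/* Drop or expire an account; cleanup == 0 models the missing CertFP cleanup. */
static void account_drop(int slot, int cleanup) {
    for (int i = 0; cleanup && i < FPS; i++)
        if (certfps[i].fp && certfps[i].slot == slot) certfps[i].fp = NULL;
    accounts[slot] = NULL;
}
/* alice adds a fingerprint and is dropped; bob then registers into the freed
   slot. Returns who the old fingerprint (a constructed value) identifies as. */
static const char *scenario(int cleanup) {
    memset(accounts, 0, sizeof accounts);
    memset(certfps, 0, sizeof certfps);
    int a = account_register("alice");
    certfp_add(a, "constructed-fp-01");
    account_drop(a, cleanup);
    account_register("bob");
    return certfp_login("constructed-fp-01");
}
int main(void) {
    for (int cleanup = 0; cleanup <= 1; cleanup++) {
        const char *who = scenario(cleanup);
        printf("cleanup=%d -> identifies as %s\n", cleanup, who ? who : "(nobody)");
    }
    return 0;
}
```

Without cleanup the old fingerprint identifies as the newly registered account; with the entries removed on drop it matches nobody.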

InspIRCd 2.0.5 Vulnerability [Updated]

There has been a vulnerability reported in InspIRCd 2.0.5 and possibly other versions of the IRC daemon.

The problem lies in the buffer handling of dns.cpp; it can be triggered by remote users and might result in arbitrary code execution, according to the advisory.

There is currently a workaround in the form of a config setting, namely to set <performance:nouserdns> to yes.

There have also been pull requests on GitHub by Atheme developer nenolod which fix the underlying code, although those – as of now – haven’t been pulled in yet.

The fixes above have been pulled in and the official sources have been moved from Gitorious to GitHub.

Due to the serious nature of the vulnerability, watch the development of this closely, even though there are currently no reports of this vulnerability being exploited in the wild.

The advisory can be found here and one of the temporary InspIRCd websites (which is currently still down after a break-in into ChatSpike/InspIRCd servers) can be found here.

We’ll keep this entry updated on any new developments regarding this issue.

IRCjr – An IRC Client for DOS

There are IRC clients for every platform and every OS – wait, really every platform, every OS?

Let’s see:

Windows? More than you can handle..

OS X? Sure

Linux/UNIX? Of course

…and more – I’ll spare you listing every platform there’s an IRC client for.

But.. what about DOS, you say? Yes, yes – there is one: IRCjr.

It’s not only a proof-of-concept but a fully-featured client. It supports CTCP messages such as /me and /version, has timestamps, logging to disk, a user-configurable scrollback buffer and supports every display from MDA/monochrome up to VGA resolutions and colors.

DOS IRC Client IRCjr running in DOSBox

As you can see from the screenshot, it sports a split-screen layout and, according to its website, it’ll run even on “the oldest 8088 based systems” from DOS 2.1 and newer.

Being in multiple channels and private messages at the same time is no problem – IRCjr is even compatible with multiple monitors, although it can only use one at a time.

DOS is pretty much obsolete these days. Asked why he wrote a program for a dead platform, the programmer, Michael Brutman, said that he had rediscovered the fun in retro computing and, since all TCP/IP stacks for DOS sucked, he wrote his own; the first application he developed for it was IRCjr.

One of the main concerns while programming was stability, and according to Michael Brutman it’s really stable and can be left running even in very busy channels such as #ubuntu on freenode without problems.

On the feature side he said that he’s looking to bring multi-server support and maybe mIRC color codes into the client, but sadly Unicode support is pretty much ruled out as most of the old hardware can’t load fonts.

So if you’re a retro computing enthusiast and addicted to IRC – give it a go and let us know what you think about it in the comments!

More details about the setup, configuration and capabilities of IRCjr can be found on the IRCjr website.

Anope releases v1.9.6

Anope has officially released v1.9.6 as of Feb. 3rd, 2012. This release has some major changes: not only additions and fixes but some internal changes as well.

As of 1.9.6, Anope has changed some of the configuration, so it is recommended that users upgrading start with a fresh configuration file.

There is also a new database format, so the old db_plain has now been deprecated. It is recommended that users upgrading read the example configuration on how to upgrade their databases.

Users using MySQL with previous versions will need to export their databases to flatfile first before importing into 1.9.6.

There have been some significant changes in this version. They are as follows:

  • Added ability to configure emails sent by services
  • Added chanserv/up and chanserv/down
  • Added m_proxyscan
  • Added more configurability for what vhosts are valid
  • Added chanserv/log
  • Added ability to configure ChanServ privileges
  • Added a new database format
  • Added SQLite support
  • Added more verbose messages on start up
  • Added ability for chanserv/suspend and nickserv/suspend to take an expiry time
  • Added no nickname ownership config option
  • Added m_rewrite
  • Added akill IDs
  • Fixed crash in clearusers
  • Fixed crash in /os oper info
  • Fixed eventfd Config check to work properly on OpenVZ

To download this version from the source, Click Here.
To download this version for Windows, Click Here.

Sources: http://www.anope.org/news_index.php

lightIRC v1.2.3 Build 101

As most already know, lightIRC is one of the most popular and most used Flash clients on IRC to date. It has support for multiple languages, CSS styling, and even a webcam!

The newest version of lightIRC, released on Feb. 16, 2012, has added the following features:

  • Added Arabian (ar) translation
  • Parameter showVerboseUserInformation (default false) adds ident and host information for joins, parts and quits
  • Parameter targetFrame (default “_blank”) lets you specify the target frame for clicked URLs in the chat area
  • Fix: Focus did jump to channel input if identify password popup was open
  • Fix: Space key did accept webcam requests while typing a message
  • Fix: Errors occurred if having webcam enabled without rtmfp parameter
  • Fix: webcamVideoOnly/webcamAudioOnly bug

lightIRC can be used for both personal and commercial use; commercial use requires a special license. It can be easily used by all users no matter how IRC savvy they are. It can also be hosted either by yourself or by using the lightIRC servers.

The most recent version can be obtained Here.

For more information regarding lightIRC, Click Here.