www.IRC-Junkie.org – IRC News

“This website is temporary down because the idiot admin (i.e. me) didn’t update phpBB to a non exploitable version” webmaster Doc stated on the Bahamut-community.org website.

Bahamut-community.org is a website with got started to help users with this popular IRCd, and to relieve the support channel #bahamut on DALnet from FAQ’s.

The website is based on the popular phpBB forum software, which recently saw an important update due to a serious exploit. Webmaster Doc stated in a  reaction to IRC-Junkie: “I had been warned about it soon after it came out by several people, however I’ve recently just got a job and a new girlfriend, so I’ve had very little time for the internet :. I guess this has taught me a lesson.”

Since a few days channel managers of XXX password channels on DALnet have been directed to read this page. “You have been directed to this page because you are listed as founder on a channel which has been reported to us as a location where passwords for adult sites are traded”, the page starts.

Users of the Undernet network have noticed the site has been down for a few days. The website had an old calendar PHP script which was unused, but never deleted from the site.

“The calendar had an exploit that allowed users to read local files on the server by issuing local commands thought the php query string”, the admin of the Undernet website magic explained IRC-Junkie in a reaction.

“The website is running in a jail so he was unable to get anything of importance. He was able to read a very old sql dump where all password except two test passwords was encrypted using MD5.”

“As you may have noticed, earlier today the password for every Q account was changed. This was due to a suspected leak of some encrypted passwords from the QuakeNet website, shortly beforehand, causing the passwords to be changed as a precautionary measure whilst we investigated”, magpie reports at the QuakeNet website.

The site also recommends that if you use this same password for other services, on IRC or not, to change those passwords as well.

“We would like to assure users that we are working hard to ensure this cannot happen again, and we apologise for any inconvenience caused”, magpie finishes.

The well known bouncer BNC contains a remote buffer overflow exploit.

“There is a buffer overflow vulnerability in getnickuserhost() function that is called when BNC is processing response from some IRC server. When BNC is connected to some IRC server, it will send ‘USER’ and ‘NICK’ command. Server response is at some point processed with getnickuserhost() function.” This post at Security Focus explains.

The overflow is present in version 2.8.9 and below. “Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If the attacker has access to BNC proxy server, this vulnerability can be used to gain shell access on machine here BNC proxy server is set.“, the Security Focus post explains.