Old IRC Client bug Re-Applied

From: rewtat_private
Date: Thu Nov 12 1998 - 09:20:56 PST

Next message: Eric Kimminau: "Re: Gandalf xpresstack bug"

Previous message: Marc Slemko: "Re: NT DNS hacked ... ?"
Next in thread: knarphat_private-CORP.COM: "Re: Old IRC Client bug Re-Applied"
Reply: knarphat_private-CORP.COM: "Re: Old IRC Client bug Re-Applied"
Reply: Security Admin: "Re: Old IRC Client bug Re-Applied"
Reply: IRCop: "Re: Old IRC Client bug Re-Applied"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If this has already been announced, well, screw me.

Problem:
The IRC (Internet Relay Chat) Client, pIRCh automatically assigns
your main pirch directory to where DCC downloads are sent.

Exploit:
You can replace someone's script file with a malicious one,
therefore recieving control over an ignorant irc tenant. This can be
done by sending a replacement file via DCC to the user. Most
people could tell the user that it was something cool, and they
would accept it.

Fix:
Simply goto Tools.. then Preferences. Flip to the DCC tab and
change your default DCC recieve directory to something that is not
the main pIRCh directory.

Tested On:
pIRCh32 0.92
If there's a new version out that fixes it, well crap, I'm sorry for
taking up your time.

Cheers,
REwT <rewtat_private>
PaKT-TeCH Sekurity | REwT Technologies

Next message: Eric Kimminau: "Re: Gandalf xpresstack bug"
Previous message: Marc Slemko: "Re: NT DNS hacked ... ?"
Next in thread: knarphat_private-CORP.COM: "Re: Old IRC Client bug Re-Applied"
Reply: knarphat_private-CORP.COM: "Re: Old IRC Client bug Re-Applied"
Reply: Security Admin: "Re: Old IRC Client bug Re-Applied"
Reply: IRCop: "Re: Old IRC Client bug Re-Applied"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:09 PDT