Re: Old IRC Client bug Re-Applied

From: IRCop (studno1at_private)
Date: Fri Nov 20 1998 - 16:12:56 PST


    I need to point out the facts about Pirch. With the release of Pirch 1.0
    that problem is fixed on new installs. Pirch creates the subdirectory for
    the downloads and sets it to that in the prefs now.  This only applies to new
    installs, not upgrades. For people upgrading, they will have to create a
    download directory and set it in their prefs.  I would hope that none of the
    Pirch users would be downloading their stuff to the system dir of Pirch
    anyway...  Hope that helps clarify this string.
    
    
    StudNo1
    Dalnet IRCop
    -----Original Message-----
    From: Security Admin <adminat_private>
    To: BUGTRAQat_private <BUGTRAQat_private>
    Date: Friday, November 20, 1998 1:42 PM
    Subject: Re: Old IRC Client bug Re-Applied
    
    
    >As far as I knew, Pirch development was discontinued quite some time ago
    >(although going to the official home page now reveals they've got a new
    >domain), so if that's the case, fixing this bug will be up to the
    >individual user.. although the VAST majority of Windows IRC users use mIRC
    >anyway...
    >
    >-pat
    >
    >On Thu, 12 Nov 1998, rewtat_private wrote:
    >
    >> If this has already been announced, well, screw me.
    >>
    >> Problem:
    >> The IRC (Internet Relay Chat) Client, pIRCh automatically assigns
    >> your main pirch directory to where DCC downloads are sent.
    >>
    >> Exploit:
    >> You can replace someone's script file with a malicious one,
    >> therefore receiving control over an ignorant irc tenant. This can be
    >> done by sending a replacement file via DCC to the user. Most
    >> people could tell the user that it was something cool, and they
    >> would accept it.
    >>
    >> Fix:
    >> Simply go to Tools.. then Preferences. Flip to the DCC tab and
    >> change your default DCC receive directory to something that is not
    >> the main pIRCh directory.
    >>
    >> Tested On:
    >> pIRCh32 0.92
    >> If there's a new version out that fixes it, well crap, I'm sorry for
    >> taking up your time.
    >>
    >> Cheers,
    >> REwT <rewtat_private>
    >> PaKT-TeCH Sekurity | REwT Technologies
    >>
    >
    


