***Note to aleph1, replace this with what I sent you earlier plz, thanks.***

The FPSC-IRCD.txt advisory.
---------------------------
By: syg of the FPSC @3/7/98
ircdat_private
http://FPSC.hemp.net

Program affected: IRCD

Versions affected: All hybrid and other EFnet IRCD versions. Probably others.

Problem:

As of the date of this file, there are a few bugs in hybrid IRCD and maybe others. I've checked DALnet's source and it seems theirs is fixed and not affected. The bug is in match.c of the source code and starts on line 204 at 'tolowertab[]'. Note the line that consists of the following:

    't', 'u', 'v', 'w', 'x', 'y', 'z', '{', '|', '}', '~',

Then go to line 238 in match.c to 'touppertab[]'. Note the line that reads:

    'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '[', '\\', ']', '^',

and look at the two lines. If you notice, it takes the '{' char and defines its uppercase char as '[', along with defining '|' to '\', '}' to ']', and '~' to '^'. What this means is they're the same characters in channel names and nicknames.

Now what can you do with this in such a way it would be a problem? You can spy on channels whose names contain any one of the 8 characters below:

1) {  --Defined as LowerCase [
2) [  --Defined as UpperCase {
3) }  --Defined as LowerCase ]
4) ]  --Defined as UpperCase }
5) |  --Defined as LowerCase \
6) \  --Defined as UpperCase |
7) ~  --Defined as LowerCase ^
8) ^  --Defined as UpperCase ~

This problem and mIRC make a dangerous combination. Let's say a bunch of your friends hang in #mIRC] and you run BitchX. All you have to do is join #mIRC} and their mIRC clients won't see you join the channel, which means you are a ghost and therefore are invisible. Another example would be... two people are in #Love^2 and you ran BitchX. All you would have to do is join #Love~2 and they won't see you join, therefore you can spy on their conversation all night long.

Now if one of the mIRC people happened to type "/names #mIRC]" or "/names #Love^2" you would magically pop up in the nick list of the channel. The same happens if someone joins the channel after you have joined: you will show up in their names list, which puts you in the nick list in their channel window. Be creative and have fun.

Logs:

The "->->->" is me telling you what's going on.

->->-> In mIRC I typed /join #[ with the nick mIRC-1
*** Now talking in #[
->->-> No one is in the channel but me in the nick list.
->->-> Then I looked in my status window and got the join info.
#[ @mIRC-1
#[ End of /NAMES list.
#[ created on Thu Feb 25 14:13:45
->->-> Then in another mIRC client I typed /join #{ with the nick mIRC-2
*** Now talking in #{
->->-> No one is in the channel but me in the nick list.
->->-> Then I looked in my status window and got the join info.
#[ mIRC-2 @mIRC-1
#{ End of /NAMES list.
#[ +
#[ created on Thu Feb 25 14:13:45
->->-> NOTE: I can't see mIRC-1 in the nick list in the channel.
->->-> I also can't see mIRC-2 in mIRC-1's nick list.
->->-> So basically it's like two different channels when you are in mIRC.
->->-> Let's now bring BitchX into play...
->->-> In BitchX under the nick BitchX-1 I typed /join #[
BitchX-1 [testat_private] has joined #[
[Users(#[:3)]
[ BitchX-1 ] [ mIRC-2 ] [@mIRC-1 ]
Channel #[ was created at Thu Feb 25 14:13:45 1999
BitchX: Join to #[ was synced in 0.391 secs!
->->-> Now under mIRC-1's client I saw...
*** BitchX-1 (testat_private) has joined #[
->->-> Which I should have because we are both in #[
->->-> But on the other hand, under mIRC-2's client (the one in #{)...
->->-> I didn't see BitchX-1 join.
->->-> And as you can see, BitchX-1 sees mIRC-2 in the channel #[
->->-> Now let me type with all three of them.
->->-> Under all three clients I will type their nick and chan to the channel.
->->-> Under BitchX-1's client I saw all three clients talk...
<mIRC-1> mIRC-1 #[
<mIRC-2> mIRC-2 #{
<BitchX-1> BitchX-1 #[
->->-> Under mIRC-1's client I saw myself and BitchX-1 type (we are both in #[)
<mIRC-1> mIRC-1 #[
<BitchX-1> BitchX-1 #[
->->-> Under mIRC-2's client I saw myself type only (I'm in #{)
<mIRC-2> mIRC-2 #{
->->-> As you can see mIRC-2 is being spied on by the BitchX client.
->->-> End of logs.

Solution:

The fix would be to simply edit /src/match.c of the source code. DALnet seems to have a nice match.c at ftp.dal.net in df467.tgz if you EFnet staff need any ideas. We all hope to see this fixed in your next release of hybrid.

Final Notes:

IRCD coders and staff members of all networks and all IRCD versions need to check your source for this bug and fix it before it gets abused... maybe it was you in #^locals^ giving your phone number out to a friend, which was being spied on by another local enemy. Other than that, everyone keep up the good work and so long. Also, thanks to sate for helping me test this out.

Questions/jobs/info/etc: ircdat_private

-syg
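
The name-folding mismatch described in the advisory, as an added example (not code from the post or from the ircd source). fold_server is a condensed equivalent of the table mapping quoted from match.c; fold_ascii, same_name and views_diverge are hypothetical names, and the letters-only client comparison is an assumption about why a client would treat the two spellings as separate channels.

```c
#include <stdio.h>

/* Server-side fold as the advisory describes match.c's tables:
 * 'A'..'Z' map to 'a'..'z' and [ \ ] ^ map to { | } ~.
 * All of these are the contiguous range 0x41..0x5E shifted by 0x20. */
static int fold_server(int c)
{
    return (c >= 'A' && c <= '^') ? c + 0x20 : c;
}

/* Assumed client-side fold: plain ASCII letters only. */
static int fold_ascii(int c)
{
    return (c >= 'A' && c <= 'Z') ? c + 0x20 : c;
}

/* Returns 1 if a and b are the same name under the given fold. */
static int same_name(const char *a, const char *b, int (*fold)(int))
{
    for (; *a && *b; a++, b++)
        if (fold((unsigned char)*a) != fold((unsigned char)*b))
            return 0;
    return *a == *b;   /* both strings must end together */
}

/* 1 when the server treats a and b as one channel but the client does not. */
static int views_diverge(const char *a, const char *b)
{
    return same_name(a, b, fold_server) && !same_name(a, b, fold_ascii);
}

int main(void)
{
    /* Channel pairs from the advisory text and logs, plus a letters-only control. */
    static const char *pairs[][2] = {
        {"#mIRC]", "#mIRC}"}, {"#Love^2", "#Love~2"},
        {"#[", "#{"}, {"#mIRC", "#MIRC"},
    };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++)
        printf("%-8s %-8s server-same=%d client-same=%d diverge=%d\n",
               pairs[i][0], pairs[i][1],
               same_name(pairs[i][0], pairs[i][1], fold_server),
               same_name(pairs[i][0], pairs[i][1], fold_ascii),
               views_diverge(pairs[i][0], pairs[i][1]));
    return 0;
}
```

A client that compares channel names with the server's fold rather than the letters-only one keeps a single window and nick list per channel as the server sees it.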