Hello, I've just found a big hole in services provided by IRC networks. The services in question are Chanserv, Nickserv and Memoserv. I've found them at the Portuguese IRC Network, aka PTNET, but I think this can be applied to other IRC networks that are based around DALNET code, since PTNET is a modified version of Dalnet code. If this doesn't work on other IRC networks, it can at least be a good example of very bad programming in areas related to security and networking.

So let's start with a bit of background so everyone can understand what happened... As I said, PTNET is based on Dalnet code and some time ago started to provide 3 services to users: Chanserv (for channels), Nickserv (for registering nicks) and Memoserv (to leave notes to other users). One of the problems with these services was that when a netsplit occurred you had to identify your nick when the servers rejoined, so you can imagine how annoying it can be always having to identify the nick back after every network split.

So came the new version of the services, this time with a nice feature! You didn't need to identify the nick when the servers rejoined from the split! The first time I saw this I thought about how the services would recognize me as the true nick before the split... I never had the chance to test this theory until some days ago. So one server split and I took a nick from one administrator that wasn't even online! And to my surprise, when the servers rejoined I had full access to administrator privileges! It just recognized the nick as a valid one and gave me the privileges.

This feature, as you can see, is very, very badly coded (hi tourist, pantmar and rob_ :) ) and it's a huge security hole, because anyone can just ride a split and take an administrator nick and then do whatever he wants (you could get some user's nick and what all his memos and do whatever you feel like to his nick). This type of thing occurs because the server doesn't make any check, only checking if the nick exists in its database.

One solution to this problem would be keeping a database of user/ip before the split and then comparing when the servers rejoin. Coding something that is working in an open environment without any checks makes the coders guilty in every attack the network suffers. There's no absolute security in a computer, but these stupid things can be avoided and contribute to a more secure networking environment. I think Dalnet and other networks use the same services, so they could be exploitable too.

Hoping my little contribution is useful to improve security around the world,

Fractal Guru

Any doubts, feel free to email me!

Greetings to: Smiler, Jaeger, Origin, Psy, Bibo, all TRPS members and the rest of my friends around the world!

--
Student at Oporto Faculty of Economy - Porto - Portugal
Email: fractalgat_private
ICQ #: 17994722
WWW soon at http://www.dual-security.com
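The following is an added example, not code from PTNET or Dalnet services: a toy model of NickServ session state that replays the scenario above, with the existence-only rejoin check beside the fix the post proposes (recording the identified user@host before the split and comparing it on rejoin). The class and function names (Services, NetUser, simulate) and the sample nicks and hosts are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class NetUser:
    nick: str
    userhost: str  # ident@host the server sees, e.g. "guru@host.example"


class Services:
    """Toy NickServ state: registered nicks and who has identified to them."""

    def __init__(self):
        self.registered = {}  # nick -> {"admin": bool}
        self.identified = {}  # nick -> userhost recorded when IDENTIFY succeeded

    def register(self, nick, admin=False):
        self.registered[nick] = {"admin": admin}

    def identify(self, user, password_ok):
        # Remember which user@host proved ownership of the nick.
        if password_ok and user.nick in self.registered:
            self.identified[user.nick] = user.userhost
            return True
        return False

    def is_admin(self, nick):
        return self.registered.get(nick, {}).get("admin", False)

    def rejoin_vulnerable(self, user):
        # Behaviour described in the post: after a netsplit the nick is
        # trusted again merely because it exists in the database.
        return user.nick in self.registered

    def rejoin_hardened(self, user):
        # Proposed fix: compare the rejoining user@host with the one recorded
        # before the split; on mismatch drop the session and require IDENTIFY.
        if self.identified.get(user.nick) == user.userhost:
            return True
        self.identified.pop(user.nick, None)
        return False


def simulate(handler_name, rejoin_userhost):
    """Admin identifies, a split happens, 'adminnick' rejoins from
    rejoin_userhost. Returns True if services grant admin privileges."""
    svc = Services()
    svc.register("adminnick", admin=True)
    svc.identify(NetUser("adminnick", "admin@real.example"), password_ok=True)
    rejoining = NetUser("adminnick", rejoin_userhost)  # constructed sample
    recognised = getattr(svc, handler_name)(rejoining)
    return bool(recognised and svc.is_admin(rejoining.nick))
```

The user@host comparison is exactly the check the post asks for; it distinguishes users on different hosts only, so a real implementation would tie the identified session to the connection rather than just the host string.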
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:53 PDT