Re: Long-standing bug in AustNet IRC network Virtual World

From: Roger Yerramsetti (rogeryat_private)
Date: Mon Apr 05 1999 - 18:04:22 PDT

Next message: Jan Vogelgesang: "security hole in ICQ-Webserver"

Previous message: Joshua R. Poulson: "Re: Security Hole in Java 2 (and JDK 1.1.x)"
Maybe in reply to: Grant Bayley: "Long-standing bug in AustNet IRC network Virtual World"
Next in thread: Paul McGovern: "Re: Long-standing bug in AustNet IRC network Virtual World"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 5 Apr 1999, Grant Bayley wrote:

| I've documented (with examples) a long standing bug in the AustNet IRC
| network "Virtual World" service which masks user IP address/hostnames for
| the purpose of preventing nukes and other fun things.

This /WHO problem has been known, and was fixed in servd7.5 with the
following lines of code.

          (!IsAnOper(sptr) || match(mymask, acptr->user->host)) &&
          (!IsVirtual(acptr) || match(mymask, acptr->user->virthost)) &&
          (IsVirtual(acptr) || match(mymask, acptr->user->host)) &&

servd7.5 has been pending for a while now, and its release has been mainly
held up whilst writing some code and systems to combat the open proxy
riding issue (not using a plain port 23/1080 test). That code I believe is
very close to release, only testing remains now.

Contrary to the webpage mentioned, austhex is not closed source. Our
source code is and has been freely downloadable, through
http://www.download.net.au which is affiliated with one of our irc servers
(we do not have an ftp.austnet.org site). Simply search for austhex at
www.download.net.au.

Our services are closed source software however and copyright to myself,
but that has nothing to do with VirtualWorld.


I've put a patch on

http://www.austnet.org/ircd/austhex.servd7.4.vwfix.PATCH.gz

for those using servd7.4 to fix the problem until servd7.5 is released
(which will be announced to our mailing list austnetat_private).


If ircd availability is important on the webpage then:

servd7.4 source:
                  http://www.austnet.org/ircd/austhex.servd7.4.tgz
servd7.4 with above patch:
                  http://www.austnet.org/ircd/austhex.servd7.4.whofix.tgz

I shall get our austnet.org webmaster to create some appropiate pages when
he returns from university for http://www.austnet.org/ircd (which will
also have links to austhex.servd7.5 when released).

-----
Roger Yerramsetti      [   rogeryat_private   ]  if (sleep) {
Snr Sys Administrator  [ http://www.wantree.com.au ]   /* as if :) */
Wantree Internet       [     Ph: (08) 9221 8899    ]  }

Next message: Jan Vogelgesang: "security hole in ICQ-Webserver"
Previous message: Joshua R. Poulson: "Re: Security Hole in Java 2 (and JDK 1.1.x)"
Maybe in reply to: Grant Bayley: "Long-standing bug in AustNet IRC network Virtual World"
Next in thread: Paul McGovern: "Re: Long-standing bug in AustNet IRC network Virtual World"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:34 PDT