>From: Kevin Day <toastyat_private> >To: BUGTRAQat_private >Subject: ircd exploit in ircu based code > >Most irc networks using ircu based servers have a bug that can cause users >to segfault the server. > >In m_join, the code doesn't check to see if get_channel returned failure (by >returning NULL). As of now I can't even find this bug in the oldest versions of our code, for sure isn't there in u2.10.06, I still have to check on the previous 2.10.05 that is still packaged in some Linux/BSD distributions. Would you please let me know in what version of the Undernet's code you found it and, in case there is still a way to core the current servers report the way to exploit it on bugsat_private ? We would appreciate a lot if any bug that can cause a server coredump is reported on bugsat_private with a few days of advantage respect to the other public lists... so we can fix it on te fly (we happen to have a living network with 38k users on it...). Thanks a lot, Andrea aka Nemesi, Undernet's coder committee.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:52:23 PDT