Hi there, At 1:55 +0200 10-08-1999, Simon Coggins wrote: >I'm sure your all on the list but just incase. > >----- Original Message ----- >From: <psychoidat_private> >> qident does not check sucessfully for spaces and characters >> as like *, ! and @. >> >> When using an ident as like "@o ! ! !", o would be treated as >> host, the parameters which are left, would be enhanced by the number of >> spaces provided by the ident. thanks for the report, no I am not on bugtraq, I rely on people in there contacting us to forward what's relevant ;) As reported I don't think this problem exists on undernet's codebase, since version .02 or such the reply of ident is strongly checked and allows a very restricted set of chars, dropping off (either by replacing them with _ or by forcing them to terminate the userid) basically any non plain ascii char and any char that has a special meaning to the irc protocol. Should something have slipped out of the checks.. jst report it to me and will be fixed on the fly, as of now I think that Undernet's ircu is safe from this kind of exploit. Regards, Andrea aka Nemesi Undernet's coders committee. [P.S.: Why there are on bugtraq 50 persons unable to tell their "vacation" message to not be sent to the posters of the mailing lists ? Lameness....]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:54 PDT