[NEWS] OpenProjects IRCD Allows DNS Spoofing
From: support@securiteam.comDate: 10/11/01
- Previous message: support@securiteam.com: "[TOOL] VMA Read Write Checking Tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [NEWS] OpenProjects IRCD Allows DNS Spoofing Message-Id: <20011011102301.AE1D4138BF@mail.der-keiler.de> Date: Thu, 11 Oct 2001 12:23:01 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
OpenProjects IRCD Allows DNS Spoofing
------------------------------------------------------------------------
SUMMARY
OpenProjects.net's ircd suffers from a security vulnerability due to lack
of a proper double-reverse DNS lookup. This allows attackers to spoof any
hostname that actually exists on the internet.
DETAILS
Vulnerable systems:
OpenProjects u2.10.05.18.(ipcheck4-5)
Recreate:
1. Choose a Hostname to Spoof. It is important to keep in mind that you
must choose a hostname that actually exists, for our example we will use
'host.example.com'
2. Point Your Reverse Lookup To The Hostname. For our example, we will put
the following in our BIND zonefile: 1.2.3.4.in-addr.arpa. IN PTR
host.example.com.
Where we will assume you are using the same IP I used, 1.2.3.4.
3. Connect To A Vulnerable IRC Server. BitchX -H 1.2.3.4 jmutex
asimov.openprojects.net
Try a WHOIS on yourself.
/whois jmutex
jmutex (jmutex@ host.example.com)
ircname : Jukka Mutex
server : asimov.openprojects.net (Fremont, CA)
idle : 0 hours 0 mins 24 secs (signon: Tue Oct 9 05:32:16 2001)
ADDITIONAL INFORMATION
The information has been provided by <mailto:jmutex@Aphex.NewGold.NET>
Jukka Mutex, <mailto:chrisj@newgold.net> chrisj@newgold.net and Joseph
Mallett.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[TOOL] VMA Read Write Checking Tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- RE: HTTP request working via hostname but not via IP address
... Sometimes you can get the hostname return the correct IP, ... Concerned about
Web Application Security? ... Download FREE whitepaper on how a managed service
... Download FREE whitepaper on how a managed service can ... (Pen-Test) - Re: block internet at two workstations
... protocol identifier, not a hostname. ... files, the IP is listed first, then
the hostname. ... to your HOSTS, ... Thinking About Security Training?
... (Security-Basics) - Re: X11 forwarding after suing
... changing users remotely (especially to root with su/sudo) ... Comments please
on the security side of this 'solution' and the ... "ListenAddress <hostname
on ethx>" ... ACL allow, hostname, root, dummy0 ... (SSH) - ISS Security Audit
... We recently had a security audit of our network by our corporate network ...
The software they used was "ISS Internet Scanner v. ... HostName: ... (comp.security.misc) - Security Audit
... recently had a security audit of our network by our corporate network ...
The software they used was "ISS Internet Scanner v. ... HostName: ... (microsoft.public.win2000.security)
