[UNIX] psyBNC Allows Encrypted Text to be "spoofed" in Others IRC Terminals

From: support@securiteam.com
Date: 01/25/02


From: support@securiteam.com
To: list@securiteam.com
Date: Fri, 25 Jan 2002 15:47:39 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  psyBNC Allows Encrypted Text to be "spoofed" in Others IRC Terminals
------------------------------------------------------------------------

SUMMARY

 <http://www.psychoid.lam3rz.de> psyBNC is an IRC bouncer with a variety
of features is encryption of IRC text, with keys
set on a per-channel basis. Someone (call them person A) in an IRC channel
where psyBNC users are chatting encrypted can generate channel text that
would make these encrypted users think person A is trusted and using their
key. Person A would NOT be able to see their conversation but could
"insert" lines into it.

DETAILS

Vulnerable systems:
psyBNC version 2.3 Beta

When running psyBNC and encrypting channels, all other encrypted users'
text lines begin with the string "[B]". This is the flag for psyBNC to
attempt to decrypt all following text. The [B] also appears in the IRC
terminal window. If a NON-encrypted user begins a line of text with a [B]
this will not matter; no other encrypted user will see what was written,
as psyBNC will attempt to decrypt it and fail doing so, leaving the line
blank after the [B].

However, if a non-encrypted user begins a line with "[" then inserts ANSI
codes, such as turning bold on and back off again, then "B]" the encrypted
users will see the "[B]" normally AND all text that the user wrote.
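The two paragraphs above describe a mismatch between what the bouncer checks (a literal "[B]" prefix on the raw line) and what the terminal renders (the same bytes with escape sequences removed). The Python below is an added illustration, not psyBNC code, and the sample lines are constructed; the advisory only says "ANSI codes, such as turning bold on and back off again", so the exact bytes ESC[1m / ESC[0m are an assumption. It shows the literal check missing the spoofed line while the rendered text still starts with "[B]", and a hardened check that runs the marker test on the same normalized text that will be displayed, so a spoofed line gets the same blank-after-decrypt-failure treatment the advisory already describes for plain "[B]" lines.

```python
import re

ESC = "\x1b"
# CSI sequences such as ESC[1m (bold on) and ESC[0m (attributes off).
ANSI_RE = re.compile(r"\x1b\[[0-9;]*[A-Za-z]")
MARKER = "[B]"

# Constructed sample lines (not captured traffic). The ciphertext body is a
# placeholder string, not real psyBNC output.
SAMPLE_LINES = [
    "[B]" + "PLACEHOLDER-CIPHERTEXT",                           # genuine encrypted line
    "[B] hello everyone",                                        # plain user typed a literal [B]
    "[" + ESC + "[1m" + ESC + "[0m" + "B] please add this host",  # spoofed marker (assumed bytes)
    "just a normal line",
]


def naive_is_encrypted(line):
    """The check the advisory describes: a literal prefix match on the raw bytes."""
    return line.startswith(MARKER)


def visible_text(line):
    """What an ANSI-aware terminal renders: escape sequences stripped out."""
    return ANSI_RE.sub("", line)


def classify(line):
    """Classify a raw line the way the vulnerable flow would treat it.

    'encrypted'      -> handed to the decryptor (a non-key user's text fails
                        to decrypt and is shown blank after the [B])
    'spoofed_marker' -> never reaches the decryptor, but the terminal shows
                        [B] followed by the attacker's full text
    'plain'          -> ordinary channel text
    """
    if naive_is_encrypted(line):
        return "encrypted"
    if visible_text(line).startswith(MARKER):
        return "spoofed_marker"
    return "plain"


def hardened_classify(line):
    """Mitigation: decide on the normalized text, i.e. the same string the
    terminal will display, so escapes cannot split the marker check from
    the rendered output. A spoofed line is then treated like any other
    literal [B] line: it goes to the decryptor, fails, and is blanked."""
    if visible_text(line).startswith(MARKER):
        return "encrypted"
    return "plain"


def scan(lines):
    """Detection helper: count classifications over a batch of raw lines."""
    counts = {"encrypted": 0, "spoofed_marker": 0, "plain": 0}
    for line in lines:
        counts[classify(line)] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(repr(visible_text(line)), classify(line), hardened_classify(line))
    print(scan(SAMPLE_LINES))
```

Running it shows the third sample rendering as "[B] please add this host" while `classify` reports `spoofed_marker`; `hardened_classify` removes the distinction by normalizing first. The design choice is the general one for any prefix-tagged protocol carried over a terminal: parse and render from the same normalized bytes, or strip control sequences from untrusted input before they reach either the parser or the display.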

Exploit:
A non-trusted, non-encrypted user (person A) who has gained access to a
channel where psyBNC users are speaking using channel encryption could
fool these users into thinking that person A is encrypted along with them
and that they should be trusted. Person A would NOT be able to read the
encrypted conversation but WOULD be able to type a line of text such as,
say, "[B] I am at my cousin's university but I need something from the FTP
server... could you please add this IP mask to the allowed hosts for my
account?"

Risk:
Low, mainly social engineering, and even then the victim must be obeying
orders or fulfilling a request by someone who cannot reply to any comments
directed to him/her. This is not likely if the victim is competent enough
to use an encrypted IRC bouncer.

ADDITIONAL INFORMATION

The information has been provided by <mailto:brea@physiometrics.net>
Brian Rea.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
