[NEWS] Some IRC Servers Auto-DeOP Users Too Slowly

From: support@securiteam.com
Date: 02/16/02


From: support@securiteam.com
To: list@securiteam.com
Date: Sat, 16 Feb 2002 17:47:22 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Some IRC Servers Auto-DeOP Users Too Slowly
------------------------------------------------------------------------

SUMMARY

Most IRC servers offer the option of registering channels. When a user enters
an empty registered channel, ChanServ automatically "deops" him. On some IRC
servers (for example: irc.euirc.net) this happens too slowly, and as a result
the person who enters the channel holds operator rights for a few seconds.

DETAILS

Impact:
Possible denial of service by placing a bot in the channel that sets
arbitrary modes. If nobody is in the channel, the channel modes appear to be
reset, so someone has to "hold" the channel. Any operator can reset the modes
with the ChanServ commands.

Exploit:
Connect to a vulnerable IRC server (for example irc.euirc.net). Before you
join a channel, copy the string "/topic #channel 123456". For #channel, just
enter the empty but registered channel in which you want to set the topic
"123456". Now enter #channel, paste the string as fast as possible into
the chat window, and press Enter. If you were fast enough, the new topic
is set.

Solution:
A final solution can only be implemented on the server. As a temporary
solution, check that topiclock and modelock are activated in your ChanServ
properties. The result is that only privileged users are allowed to change
the channel modes.
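The race described above, and why the suggested topiclock/modelock settings close it, as an added toy model that is not part of the advisory (the setting names TOPICLOCK and MLOCK, the `server_checks_registration` switch, and all nicks and channel values are assumptions for illustration):

```python
# Added example, not from the advisory: toy model of the join/deop race on a registered channel.
from dataclasses import dataclass, field

@dataclass
class Channel:
    access: set = field(default_factory=set)  # nicks ChanServ treats as privileged
    topiclock: bool = False                   # TOPICLOCK: only access may change the topic
    mlock: str = ""                           # MLOCK: locked mode string, e.g. "+nt"
    users: set = field(default_factory=set)
    ops: set = field(default_factory=set)
    topic: str = ""
    saved_topic: str = ""                     # last topic set by a privileged user
    topic_setter: str = ""
    modes: str = ""

def join(chan, nick, server_checks_registration=False):
    # First user into an empty channel gets +o and the modes reset, as the advisory observes.
    chan.users.add(nick)
    if len(chan.users) == 1:
        if server_checks_registration:    # fixed server: honours the registration itself
            chan.modes = chan.mlock       # locked modes applied at once, no +o handed out
        else:
            chan.modes, chan.ops = "", {nick}

def change(chan, nick, topic=None, modes=None):
    # Topic and mode changes require +o; returns whether the change went through.
    if nick not in chan.ops:
        return False
    if topic is not None:
        chan.topic, chan.topic_setter = topic, nick
    if modes is not None:
        chan.modes = modes
    return True

def chanserv_tick(chan):
    # ChanServ catching up seconds later: deop the unprivileged, re-apply MLOCK, enforce TOPICLOCK.
    chan.ops -= {n for n in chan.ops if n not in chan.access}
    if chan.mlock:
        chan.modes = chan.mlock
    if chan.topiclock and chan.topic_setter and chan.topic_setter not in chan.access:
        chan.topic, chan.topic_setter = chan.saved_topic, "founder"

def race(topiclock=False, mlock="", server_checks_registration=False):
    # A newcomer joins the empty registered channel and acts inside the deop window.
    chan = Channel(access={"founder"}, topiclock=topiclock, mlock=mlock,
                   topic="welcome", saved_topic="welcome")
    join(chan, "newcomer", server_checks_registration)
    change(chan, "newcomer", topic="123456", modes="+m")
    chanserv_tick(chan)
    return chan.topic, chan.modes, "newcomer" in chan.ops
```

With neither lock set, the newcomer's topic and mode survive ChanServ's late deop; with both locks set they are reverted, and a server that checks the registration on join never hands out the operator status in the first place.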

ADDITIONAL INFORMATION

The information has been provided by <mailto:genius28@gmx.de> Florian
Hobelsberger / BlueScreen.

========================================


DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


