SIRCD May Grant Operator Privileges to Remote Authenticated Users
|
|
SecurityTracker Alert ID: 1008279
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 22 2003
|
Impact: User access via network
|
Exploit Included: Yes
|
Version(s): 0.5.2, 0.5.3
|
Description: A vulnerability was reported in the Smart IRC Daemon (SIRCD). A remote authenticated user may be able to gain operator privileges.
It is reported that a remote authenticated user can set their usermode to '+o' as follows:
MODE <nick> +o
The flaw reportedly resides in 's_client.c'.
The vendor has reportedly been notified.
|
Impact: A remote authenticated user can gain operator privileges on an IRC channel.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.sircd.org/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any)
|
Reported By: Victor Jerlin <vigge@vigge.fulhack.nu>
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 20 Nov 2003 17:30:02 +0100 (CET)
From: Victor Jerlin <vigge@vigge.fulhack.nu>
Subject: SIRCD: Anyone can set umode +o(oper).
|
I recently accidentially set my own usermode to +o in SIRCD, (MODE <nick>
+o), and hey! I was oper! :)
Versions affected is atleast 0.5.2 och 0.5.3..
The developer has been informed about this, and I assume that it will be
fixed ASAP. Here's a quick fix for those who doesnt have time to wait (at
least I think it works, but had no time modifying the sourcecode so it
could compile on my system).
sircd/s_client.c
On row 844 change:
if (action > 0 && !chk) break;"
to:
if (action > 0 && !chk && strcmp(cl->name, target->name)) break;
|
|
