Menu

#26 [SECURITY] ANY OPERATOR CAN GIVE THEMSELVES ANY MODE

security_bugs
closed-fixed
9
2005-04-18
2004-02-06
Keith Gable
No

This is a security bulletin (I guess). Local IRC
Operators can become Global IRC Operators by using an
unofficial command that was added for opers by the
original pureIRCd crew. I'm not going to reveal this,
just in case some local operator wants to abuse the
system. However, this bug takes all priority over all
other bugs and all tasks.

Discussion

  • Keith Gable

    Keith Gable - 2004-02-06

    Logged In: YES
    user_id=919946

    Wow. This bug is serious. Any level operator can give
    themselves any mode, including the ability to /restart and
    /die. This is critical enough to release a patch to 0.1.2-R2.

     
  • Keith Gable

    Keith Gable - 2004-02-06
    • summary: [SECURITY] LocOps can make themselves GlobOps! --> [SECURITY] ANY OPERATOR CAN GIVE THEMSELVES ANY MODE
     
  • Keith Gable

    Keith Gable - 2004-02-06
    • milestone: 359421 --> 374653
     
  • Keith Gable

    Keith Gable - 2004-02-06

    Logged In: YES
    user_id=919946

    The reported bug has been fixed in the sourcecode and will be
    avaliable in the CVS within the next 24 hours.

     
  • Keith Gable

    Keith Gable - 2004-02-06
    • milestone: 374653 --> 359422
    • status: open --> closed-fixed
     
  • Nigel Jones

    Nigel Jones - 2004-03-01
    • milestone: 359422 --> 359423
     
  • Nigel Jones

    Nigel Jones - 2004-03-01

    Logged In: YES
    user_id=924961

    The reported bug has now being included in an offical release. In
    this case ignitionServer 0.2.1(BETA RC1).

    If this bug still exists please create a new bug refering to this bug.

     
  • Keith Gable

    Keith Gable - 2005-04-18
    • milestone: 359423 --> security_bugs
     

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.