lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.58.0311201721060.26449@Pepsi> Date: Thu, 20 Nov 2003 17:30:02 +0100 (CET) From: Victor Jerlin <vigge@...ge.fulhack.nu> To: bugtraq@...urityfocus.com Subject: SIRCD: Anyone can set umode +o(oper). I recently accidentially set my own usermode to +o in SIRCD, (MODE <nick> +o), and hey! I was oper! :) Versions affected is atleast 0.5.2 och 0.5.3.. The developer has been informed about this, and I assume that it will be fixed ASAP. Here's a quick fix for those who doesnt have time to wait (at least I think it works, but had no time modifying the sourcecode so it could compile on my system). sircd/s_client.c On row 844 change: if (action > 0 && !chk) break;" to: if (action > 0 && !chk && strcmp(cl->name, target->name)) break;
Powered by blists - more mailing lists