lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.58.0311201721060.26449@Pepsi>
Date: Thu, 20 Nov 2003 17:30:02 +0100 (CET)
From: Victor Jerlin <vigge@...ge.fulhack.nu>
To: bugtraq@...urityfocus.com
Subject: SIRCD: Anyone can set umode +o(oper).


I recently accidentially set my own usermode to +o in SIRCD, (MODE <nick>
+o), and hey! I was oper! :)

Versions affected is atleast 0.5.2 och 0.5.3..

The developer has been informed about this, and I assume that it will be
fixed ASAP. Here's a quick fix for those who doesnt have time to wait (at
least I think it works, but had no time modifying the sourcecode so it
could compile on my system).

sircd/s_client.c
On row 844 change:
  if (action > 0 && !chk) break;"
to:
  if (action > 0 && !chk && strcmp(cl->name, target->name)) break;

Powered by blists - more mailing lists