]>
Commit | Line | Data |
---|---|---|
3bd189cb JR |
1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> |
2 | <HTML> | |
3 | <HEAD> | |
4 | <TITLE> [IRCServices] unhappy restart quirks with 5.0.10 (was 5.0.9) | |
5 | </TITLE> | |
6 | <LINK REL="Index" HREF="index.html" > | |
7 | <LINK REL="made" HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20unhappy%20restart%20quirks%20with%205.0.10%20%28was%205.0.9%29&In-Reply-To=Pine.LNX.4.53L0.0302221955380.5210%40phoenix.siarch.net"> | |
8 | <META NAME="robots" CONTENT="index,nofollow"> | |
9 | <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> | |
10 | <LINK REL="Previous" HREF="003595.html"> | |
11 | <LINK REL="Next" HREF="003596.html"> | |
12 | </HEAD> | |
13 | <BODY BGCOLOR="#ffffff"> | |
14 | <H1>[IRCServices] unhappy restart quirks with 5.0.10 (was 5.0.9)</H1> | |
15 | <B>Andrew Church</B> | |
16 | <A HREF="mailto:ircservices%40ircservices.za.net?Subject=%5BIRCServices%5D%20unhappy%20restart%20quirks%20with%205.0.10%20%28was%205.0.9%29&In-Reply-To=Pine.LNX.4.53L0.0302221955380.5210%40phoenix.siarch.net" | |
17 | TITLE="[IRCServices] unhappy restart quirks with 5.0.10 (was 5.0.9)">achurch at achurch.org | |
18 | </A><BR> | |
19 | <I>Sun Feb 23 09:45:50 PST 2003</I> | |
20 | <P><UL> | |
21 | <LI>Previous message: <A HREF="003595.html">[IRCServices] unhappy restart quirks with 5.0.10 (was 5.0.9) | |
22 | </A></li> | |
23 | <LI>Next message: <A HREF="003596.html">[IRCServices] Problem with v5.0.11 | |
24 | </A></li> | |
25 | <LI> <B>Messages sorted by:</B> | |
26 | <a href="date.html#3597">[ date ]</a> | |
27 | <a href="thread.html#3597">[ thread ]</a> | |
28 | <a href="subject.html#3597">[ subject ]</a> | |
29 | <a href="author.html#3597">[ author ]</a> | |
30 | </LI> | |
31 | </UL> | |
32 | <HR> | |
33 | <!--beginarticle--> | |
34 | <PRE>><i>Now the obvious corollary question: with a single unlinked server running | |
35 | </I>><i>Unreal 3.2 with IRCServices U:lined in - are there any security issues | |
36 | </I>><i>raised by disabling NoSplitRecovery? I.e. there any way a malicious | |
37 | </I>><i>client could fake a timestamp during an /msg operserv restart to steal | |
38 | </I>><i>somebody's nick privileges? | |
39 | </I> | |
40 | Zero (for all practical purposes) under Unreal. From the source code | |
41 | (modules/nickserv/util.c): | |
42 | ||
43 | /* | |
44 | * This can be exploited to gain improper privilege if an attacker | |
45 | * has the same Services stamp, username and hostname as the | |
46 | * victim. | |
47 | * | |
48 | * Under ircd.dal 4.4.15+ (Dreamforge) and other servers supporting | |
49 | * a Services stamp, Services guarantees that the first condition | |
50 | * cannot occur unless the stamp counter rolls over (2^31-1 client | |
51 | * connections). This is practically infeasible given present | |
52 | * technology. As an example, on a network of 30 servers, an | |
53 | * attack introducing 50 new clients every second on every server, | |
54 | * requiring at least 10-15 megabits of bandwidth, would need to be | |
55 | * sustained for over 16 days to cause the stamp to roll over. | |
56 | * | |
57 | * Under other servers, an attack is theoretically possible, but | |
58 | * would require access to either the computer the victim is using | |
59 | * for IRC or the DNS servers for the victim's domain and IP | |
60 | * address range in order to have the same hostname, and would | |
61 | * require that the attacker connect so that he has the same server | |
62 | * timestamp as the victim. Practically, the former can be | |
63 | * accomplished either by finding a victim who uses a shell account | |
64 | * on a multiuser system and obtaining an account on the same | |
65 | * system, or through the scripting capabilities of many IRC | |
66 | * clients combined with social engineering; the latter could be | |
67 | * accomplished by finding a server with a clock slower than that | |
68 | * of the victim's server and timing the connection attempt | |
69 | * properly. | |
70 | * | |
71 | * If someone gets a hacked server into your network, all bets are | |
72 | * off. | |
73 | */ | |
74 | ||
75 | ||
76 | --Andrew Church | |
77 | <A HREF="http://www.ircservices.za.net/mailman/listinfo/ircservices">achurch at achurch.org</A> | |
78 | <A HREF="http://achurch.org/">http://achurch.org/</A> | |
79 | </PRE> | |
80 | ||
81 | <!--endarticle--> | |
82 | <HR> | |
83 | <P><UL> | |
84 | <!--threads--> | |
85 | <LI>Previous message: <A HREF="003595.html">[IRCServices] unhappy restart quirks with 5.0.10 (was 5.0.9) | |
86 | </A></li> | |
87 | <LI>Next message: <A HREF="003596.html">[IRCServices] Problem with v5.0.11 | |
88 | </A></li> | |
89 | <LI> <B>Messages sorted by:</B> | |
90 | <a href="date.html#3597">[ date ]</a> | |
91 | <a href="thread.html#3597">[ thread ]</a> | |
92 | <a href="subject.html#3597">[ subject ]</a> | |
93 | <a href="author.html#3597">[ author ]</a> | |
94 | </LI> | |
95 | </UL> | |
96 | ||
97 | </body></html> |