[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

new vulnerability

To: ircd-users@xxxxxxx
Subject: new vulnerability
From: Christophe Kalt <kalt@xxxxxxxxxxx>
Date: Sat, 22 May 1999 16:58:59 -0400
Delivered-to: ircd-users-out@irc.org
Delivered-to: ircd-users@irc.org
Mail-followup-to: ircd-users@irc.org

Hi,

a new problem was found in the IRC server which potentially
affects all existing versions which are configured to use
iauth.  Exploiting this problem allow a user to generate
network splits.

Fortunately, there is a quick fix which consists of:
	a) not running iauth
or
	b) disabling the rfc931 module

A patch will be released early next week, to allow some time
for admins to install the workaround described above.

Christophe

Attachment: pgp00013.pgp
Description: PGP signature

Follow-Ups:
- critical iauth fix (Re: new vulnerability)
  - From: Christophe Kalt

Prev by Date: Re: ircd2.10.2 and IPv6
Next by Date: Re: ircd2.10.2 and IPv6
Previous by thread: Re: ircd2.10.2 and IPv6
Next by thread: critical iauth fix (Re: new vulnerability)
Index(es):
- Date
- Thread