This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

fanthomatic eggdrop 1.6.15 exploit?

Old posts that have not been replied to for several years.
Locked
User avatar
FIDe`
Voice
Posts: 32
Joined: Fri Feb 21, 2003 5:41 am
Location: Naples, Italy

fanthomatic eggdrop 1.6.15 exploit?

Post by FIDe` »

today, logging in my outlandz.net shell account, I found this in MOTD:

|
|**NOTICE**
|
| "Eggdrop.1.6.15 is a bug trap. it creates new +n users. do NOT upgrade to it."
Its openly exploitable. |
|
|
|7/14/03

anyone knows about it..?
I hope it's a hoax.
tnx for answers
g
guppy
eggdrop engineer
Posts: 199
Joined: Mon Sep 24, 2001 8:00 pm
Location: Canada
Contact:

Post by guppy »

not that I know of -- 1.6.15 has bugs but none of them are security ones as far as I know.
e
egghead
Master
Posts: 481
Joined: Mon Oct 29, 2001 8:00 pm
Contact:

Re: fanthomatic eggdrop 1.6.15 exploit?

Post by egghead »

FIDe` wrote:today, logging in my outlandz.net shell account, I found this in MOTD:

|
|**NOTICE**
|
| "Eggdrop.1.6.15 is a bug trap. it creates new +n users. do NOT upgrade to it."
Its openly exploitable. |
|
|
|7/14/03

anyone knows about it..?
I hope it's a hoax.
tnx for answers
FIDe`, can you contact the admins of that shell and ask them to forward any info on that exploit, if there is one, and forward it to guppy privately?
User avatar
FIDe`
Voice
Posts: 32
Joined: Fri Feb 21, 2003 5:41 am
Location: Naples, Italy

Post by FIDe` »

ok, I'm going to send a mail to the admin, if he tells me something interesting I will forward it to guppy :wink:
User avatar
Dedan
Master
Posts: 260
Joined: Wed Jul 09, 2003 10:50 pm
Location: Memphis

Post by Dedan »

I would like to know if there is abuse.
I am not asking for information about
it, just if there is one.
I once was an intelligent young man, now i am old and i can not remember who i was.
User avatar
GodOfSuicide
Master
Posts: 463
Joined: Mon Jun 17, 2002 8:00 pm
Location: Austria

Post by GodOfSuicide »

i havent found anything about this yet..(packetstorm etc)
User avatar
FIDe`
Voice
Posts: 32
Joined: Fri Feb 21, 2003 5:41 am
Location: Naples, Italy

Post by FIDe` »

egghead, I forwarded to guppy the infos that the admin gave me about that issues :)
User avatar
Dedan
Master
Posts: 260
Joined: Wed Jul 09, 2003 10:50 pm
Location: Memphis

Post by Dedan »

Does there seem to be a real abuse?
I once was an intelligent young man, now i am old and i can not remember who i was.
User avatar
caesar
Mint Rubber
Posts: 3778
Joined: Sun Oct 14, 2001 8:00 pm
Location: Mint Factory

Post by caesar »

The only thing that comes in my mind about the +n thing is that some (l)users forgot to remove the learn users and/or the open telnets, I mean set them to 0 after they made theyr *first* account, when they are creating the userfile for the first time. Hope this is the *real* problem.. :)
Once the game is over, the king and the pawn go back in the same box.
p
ppslim
Revered One
Posts: 3914
Joined: Sun Sep 23, 2001 8:00 pm
Location: Liverpool, England

Post by ppslim »

I have had a look at the problem reported, and so far am unable to replicate what has been shown.

So far, I have only generated 15 nickname likes those discribed in the report, so guess I might need to try further (500+ say).

There are however a few things to consider in what tests they conducted.

1: They removed scripts, due didn't restart the bot fully
2: Learn users (as sugested)

You should note to them, if they feel there are bugs, to present further and more clear evidance of what happened. It would help a lot if we knew exactly what nicknames and idents caused it to happen on there systems.

As for password sniffing. This is somthing that would also need to be elaborated further. I can name a few ways to sniff out password in eggdrop, but these are known, and are more a side effect of the debug process.

Scripts again can cause this. I have a bug in my own secure logging system that shows peoples passwords (it's still perfectly secure thank god).

While I am not going to deny outright that these issues do not exist, as there may be perfectly good explanations, they may be bugs they may be somthing else. The fact remains, what they presented was small and has obviously never been seen by the development team, there was also a lack of information (though there may be good grounds for that).
Locked