supposed 1.6.x eggdrop exploit posted on bugtraq

subsoniq · Post by **subsoniq** » Mon Feb 09, 2004 10:41 pm

I'm not a programmer so I cant' make heads or tails if this is legitimate:

http://www.securityfocus.com/archive/1/ ... 04-02-13/0

bobjuh · Post by **bobjuh** » Tue Feb 10, 2004 6:42 am

subsoniq wrote:I'm not a programmer so I cant' make heads or tails if this is legitimate:

http://www.securityfocus.com/archive/1/ ... 04-02-13/0

The origenal mail

http://mogan.nonsoloirc.com/egg_advisory.txt also was send to eggdev list

egghead · Post by **egghead** » Tue Feb 10, 2004 11:10 am

bobjuh wrote: The origenal mail

http://mogan.nonsoloirc.com/egg_advisory.txt also was send to eggdev list

Yeah, from that message:

Issue date: 07/02/2004
[snip]
Vendor status:
===============
Notified on 07 February 2004

/me nods

GodOfSuicide · Post by **GodOfSuicide** » Thu Feb 12, 2004 7:17 am

btw, is there a patch for .13 out ? dont want to upgrade

ppslim · Post by **ppslim** » Thu Feb 12, 2004 7:36 am

It has been fixed, though there are no work arounds other than to upgrade to 1.6.16 (when made available soon we hope) or to patch your current version.

Let me know what versions you want guys, and I will try and fix some patches up.

bobjuh · Post by **bobjuh** » Thu Feb 12, 2004 10:32 am

Hope there will me a 1.6.13 patch soon.
I don't want to upgrade when 1.6.16 gets out and wait to see if there are bugs in it like in 1.6.15

GodOfSuicide · Post by **GodOfSuicide** » Thu Feb 12, 2004 12:18 pm

from dun_dacil:
/* If it's a share bot that hasnt been sharing, ask again */
} else if (!(dcc.status & STAT_SHARE)) {
if (dcc.user && (bot_flags(dcc.user) & BOT_AGGRESSIVE)) {
dprintf(i, "s u?\n");
dcc.status |= STAT_OFFERED;
}
}
}
}

you just have to add a { behind the 2nd "...& BOT_AGGRESSIVE))" and a } behind "..STAT_OFFERED;"

ppslim · Post by **ppslim** » Fri Feb 13, 2004 3:42 pm

I would advise an upgrade to 1.6.16 when it comes out.

There are a few bugs that have been ironed out in the source tree. IPv6 has been stripped, which was the mega headache.

MasterJM · Post by **MasterJM** » Sun Feb 15, 2004 2:59 pm

ppslim wrote:I would advise an upgrade to 1.6.16 when it comes out.

There are a few bugs that have been ironed out in the source tree. IPv6 has been stripped, which was the mega headache.

wooo

when is .16 going public for release?
I hope soon

because this http://www.securityfocus.com/bid/9606/info/ is not good :<

MfG JM

]Kami[ · Post by **]Kami[** » Sun Feb 15, 2004 8:20 pm

Yeah saw about bug, strange that nobody discovered it so long...

reaction · Post by **reaction** » Tue Feb 17, 2004 5:31 pm

if those two {} fix the vulnerability, here is the patch for 1.6.13

http://www.lownoise.org/downloads/eggdr ... tion.patch

patch -p0 < eggdrop1.6.13+p1_ReAction.patch from outside eggdrop1.6.13 directory.

have fun

ReAction

Ice--Cube · Post by **Ice--Cube** » Thu Apr 01, 2004 5:45 pm

I really hope that eggdrop and windrop 1.6.16 will be reelased soon, becource this exploit is a serius problem...i have experienced some attacks on my botnet myself...

Ice--Cube · Post by **Ice--Cube** » Wed Apr 07, 2004 8:12 am

Does anybody know how to patch windrop 1.6.15 from this vulnerability?

dollar · Post by **dollar** » Wed Apr 07, 2004 9:38 am

Ice--Cube wrote:Does anybody know how to patch windrop 1.6.15 from this vulnerability?

Just make sure every bot has a pass, and you'll be fine.

Ice--Cube · Post by **Ice--Cube** » Wed Apr 14, 2004 5:32 pm

They have passes..but attacker can still hack in one egg and op itself on channels...

egghelp/eggheads community

supposed 1.6.x eggdrop exploit posted on bugtraq

supposed 1.6.x eggdrop exploit posted on bugtraq

Re: supposed 1.6.x eggdrop exploit posted on bugtraq

Re: supposed 1.6.x eggdrop exploit posted on bugtraq

eggdrop 1.6.13 patch