From owner-freebsd-security Fri Dec 1 21:36:30 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id VAA22131 for security-outgoing; Fri, 1 Dec 1995 21:36:30 -0800 Received: from soda.CSUA.Berkeley.EDU (soda.CSUA.Berkeley.EDU [128.32.43.52]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id VAA22105 for ; Fri, 1 Dec 1995 21:35:19 -0800 Received: (mconst@localhost) by soda.CSUA.Berkeley.EDU (8.6.11/PHILMAIL-1.11) id VAA04777; Fri, 1 Dec 1995 21:33:35 -0800 Date: Fri, 1 Dec 1995 21:33:35 -0800 From: Michael Constant Message-Id: <199512020533.VAA04777@soda.CSUA.Berkeley.EDU> To: jkh@time.cdrom.com, rdugaue@calweb.com Subject: Re: ****HELP***** Cc: security@freebsd.org Sender: owner-security@freebsd.org Precedence: bulk > One thing very strange was my user said this guy appeared to be > controling him in IRC. He (the perp) was moving the user around from room > to room (joining him into gay channels and stuff) and then typing in > lines for him also. All with the user watching without able to control > what he was doing to him. This is a very standard "hacker" thing to do. All you have to do is convince the victim to type something stupid, like "/on ^msg * $1-" and then you have control over their entire irc session, and since you can force them to use the "/exec" command against their will, you also have control over their entire account. Also, instead of asking the victim to execute a stupid command, you can give them a security- compromising script and ask them to load it. Some IRC scripts have very subtle security holes; I personally refuse to use any IRC script I didn't write myself. Check your system for vulnerability from the inside. What can your users do? The hacker has complete control over the victim's account, and can thus do anything that your ordinary users can do. - Michael Constant