[IRCServices] unhappy restart quirks with 5.0.10 (was 5.0.9)
Andrew Church
achurch at achurch.org
Sun Feb 23 09:45:50 PST 2003
>Now the obvious corollary question: with a single unlinked server running
>Unreal 3.2 with IRCServices U:lined in - are there any security issues
>raised by disabling NoSplitRecovery? I.e. is there any way a malicious
>client could fake a timestamp during an /msg operserv restart to steal
>somebody's nick privileges?
Zero (for all practical purposes) under Unreal. From the source code
(modules/nickserv/util.c):
/*
 * This can be exploited to gain improper privilege if an attacker
 * has the same Services stamp, username and hostname as the
 * victim.
 *
 * Under ircd.dal 4.4.15+ (Dreamforge) and other servers supporting
 * a Services stamp, Services guarantees that the first condition
 * cannot occur unless the stamp counter rolls over (2^31-1 client
 * connections). This is practically infeasible given present
 * technology. As an example, on a network of 30 servers, an
 * attack introducing 50 new clients every second on every server,
 * requiring at least 10-15 megabits of bandwidth, would need to be
 * sustained for over 16 days to cause the stamp to roll over.
 *
 * Under other servers, an attack is theoretically possible, but
 * would require access to either the computer the victim is using
 * for IRC or the DNS servers for the victim's domain and IP
 * address range in order to have the same hostname, and would
 * require that the attacker connect so that he has the same server
 * timestamp as the victim. Practically, the former can be
 * accomplished either by finding a victim who uses a shell account
 * on a multiuser system and obtaining an account on the same
 * system, or through the scripting capabilities of many IRC
 * clients combined with social engineering; the latter could be
 * accomplished by finding a server with a clock slower than that
 * of the victim's server and timing the connection attempt
 * properly.
 *
 * If someone gets a hacked server into your network, all bets are
 * off.
 */
--Andrew Church
achurch at achurch.org
http://achurch.org/
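
The matching conditions in the quoted comment, as an added example that is not part of the original message and not IRC Services code: a simplified model of why a Services stamp closes the gap that a timestamp-only comparison leaves open, plus the rollover estimate from the comment. The struct, function names and sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record of what is remembered about an identified client. */
struct client_id {
    int32_t stamp;          /* Services stamp assigned at connect time */
    int64_t signon;         /* server timestamp of the connection */
    const char *username;
    const char *host;
};

/* Constructed sample data: a victim and an impostor on the same shell host. */
static const struct client_id victim   = { 1001, 1045000000, "alice", "shell.example.org" };
static const struct client_id impostor = { 1002, 1045000000, "alice", "shell.example.org" };

/* Returns 1 if `seen` would be accepted as `saved`.  With stamp support the
 * stamp must match; without it, only the connection timestamp is left to
 * tell two clients with the same username and hostname apart. */
int same_client(const struct client_id *saved, const struct client_id *seen,
                int ircd_has_stamps)
{
    if (strcmp(saved->username, seen->username) != 0 ||
        strcmp(saved->host, seen->host) != 0)
        return 0;
    if (ircd_has_stamps)
        return saved->stamp == seen->stamp;
    return saved->signon == seen->signon;
}

/* Days of sustained connections needed to wrap a 2^31-1 stamp counter. */
double days_to_rollover(unsigned servers, unsigned clients_per_sec)
{
    return (double)INT32_MAX / ((double)servers * clients_per_sec) / 86400.0;
}

int main(void)
{
    printf("stamps:    impostor accepted = %d\n", same_client(&victim, &impostor, 1));
    printf("no stamps: impostor accepted = %d\n", same_client(&victim, &impostor, 0));
    printf("rollover at 30 x 50/s: %.1f days\n", days_to_rollover(30, 50));
    return 0;
}
```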