View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004283 | unreal | ircd | public | 2014-03-14 01:14 | 2014-03-14 01:14 |
| Reporter | peterkingalexander | Assigned To | |||
| Priority | high | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 3.2.10.1 | ||||
| Fixed in Version | 3.4-alpha1 | ||||
| Summary | 0004283: CAP Negotiation can be used to bypass PING cookie | ||||
| Description | Summary says it all really, but basically a client can send CAP LS, NICK, USER, CAP END and not have to send `PONG <cookie>` to connect, allowing malicious code to bypass the PING cookie IP spoof protection. | ||||
| Steps To Reproduce | `telnet <server> 6667`<br>`CAP LS`<br>`NICK SomeNick`<br>`USER User meh meh :Gecos`<br>`CAP END`<br>*connected* | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||

Fortunately 99% of the people run OS's that have no (known) weak ISN. Still, this also means HTTP POST protection can be bypassed, oh well.. actually not.. because that's caught by another module ;p. Still.. should be fixed. nenolod? you added the code, so you probably know where the problem lies. Btw, I would swear I tested this, because it was so logical that this would happen :p.

Confirmed. I think it should be fixed out of principle if nothing else, it's still a weakness even if it is minor. My 2¢ :)

http://hg.unrealircd.com/hg/unreal/rev/0d8f213feb59

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-03-14 01:14 | peterkingalexander | New Issue | |
| 2014-03-14 01:14 | peterkingalexander | Issue generated from: 0004222 | |
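
The following C sketch is an added example, not code from UnrealIRCd or from this issue thread. It models the handshake in the report under the assumption that the `CAP END` path completes registration without re-checking the PING cookie, next to a hardened variant where every path goes through one gate; the struct, function names and cookie value are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified registration state; hypothetical, not UnrealIRCd's structures. */
struct client {
    bool nick, user, cap_pending, pong_ok, registered;
    const char *cookie;              /* value sent to the client in PING :<cookie> */
};

/* Single gate: every completion path must satisfy all preconditions. */
static void try_register(struct client *c) {
    if (c->nick && c->user && !c->cap_pending && c->pong_ok)
        c->registered = true;
}

/* Process one client line. hardened=false models the assumed flaw. */
static void handle(struct client *c, const char *line, bool hardened) {
    if (!strncmp(line, "CAP LS", 6)) c->cap_pending = true;
    else if (!strncmp(line, "NICK ", 5)) c->nick = true;
    else if (!strncmp(line, "USER ", 5)) c->user = true;
    else if (!strncmp(line, "PONG ", 5)) {
        const char *arg = line + 5 + (line[5] == ':');  /* accept "PONG :x" and "PONG x" */
        if (!strcmp(arg, c->cookie)) c->pong_ok = true;
    } else if (!strcmp(line, "CAP END")) {
        c->cap_pending = false;
        if (!hardened && c->nick && c->user) {  /* assumed flaw: cookie not checked */
            c->registered = true;
            return;
        }
    }
    try_register(c);
}

/* Constructed sample sessions (client-to-server lines only). */
const char *const CAP_NO_PONG[] = { "CAP LS", "NICK SomeNick", "USER User meh meh :Gecos", "CAP END" };
const char *const CAP_WITH_PONG[] = { "CAP LS", "NICK SomeNick", "USER User meh meh :Gecos", "PONG :1A2B3C4D", "CAP END" };
const char *const PLAIN_NO_PONG[] = { "NICK SomeNick", "USER User meh meh :Gecos" };

/* Returns true if the session ends up registered. */
static bool run_session(const char *const *lines, size_t n, bool hardened) {
    struct client c = { .cookie = "1A2B3C4D" };  /* constructed cookie */
    for (size_t i = 0; i < n; i++) handle(&c, lines[i], hardened);
    return c.registered;
}

int main(void) {
    printf("flawed=%d hardened=%d\n", run_session(CAP_NO_PONG, 4, false), run_session(CAP_NO_PONG, 4, true));
    return 0;
}
```

A regression test for a fix of this kind would replay the reported session and assert that the client stays unregistered until a matching PONG arrives.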