[NT] ignitionServer Server Linking Password Verification Vulnerability

2004-06-18T00:00:00
ID SECURITYVULNS:DOC:6367
Type securityvulns
Reporter Securityvulns
Modified 2004-06-18T00:00:00

Description

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source. http://www.securiteam.com/mailinglist.html


ignitionServer Server Linking Password Verification Vulnerability

SUMMARY

<http://www.ignition-project.com/ignition/server/> ignitionServer is "an Internet Relay Chat Server for the Windows platform".A vulnerability has been discovered in ignitionServer, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to missing password verification when linking servers. Successful exploitation requires use of linking, which is currently experimental, and allows the password restriction to be bypassed.

DETAILS

Vulnerable Systems: * ignitionServer version 0.1.2 through version 0.3.1

Immune Systems: * ignitionServer version 0.3.1-P1

Vulnerable code: The problematic code can be found at /codemodules/modConf.bas: If Len(ILine(I).Pass) 0 Then cptr.PassOK = False Else cptr.PassOK = True

Which means that if the password is of 0 length, it is ok and we can continue. This is of course incorrect behavior, it shouldn't be regarded as ok, but rather as if the wrong password was provided.

ADDITIONAL INFORMATION

The information has been provided by Keith Gable, Lead Programmer of the Ignition Project.

========================================

This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================

DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.