Eggdrop set owner vulnerability
|Description:||Apparently some versions of eggdrop allow people with master access to become owner with .set owner <nick>. You can then do stuff like .tcl exec cat /etc/passwd|
|Author:||-*- Chotaire -*- <chotaire@CHOTAIRE.NET>|
|Compromise:||obtain complete access to account running eggdrop bot (if you have master access already)|
|Vulnerable Systems:||Those running vulnerable versions of eggdrop (an IRC bot) |
|Date:||29 August 1997 |
Date: Fri, 29 Aug 1997 22:32:33 +0200
From: -*- Chotaire -*- <chotaire@CHOTAIRE.NET>
Subject: Re: Having fun with eggdrop bot
At 19:43 29.08.97 +0200, you wrote:
>> Eggdrops bots can access files all over the system if you're owner and
>> the bot runs with root permissions.
>1) who runs a bot as root?
>2) who gives away owner-access?
I have come across many bots being run as root. So people should look out.
And in earlier versions of Eggdrop there is one serious bug to become
OWNER when someone has master access. I will demonstrate on eggdrop 0.9p,
this bug still works in lotsa newer versions aswell:
.set owner Chotaire
.chattr Chotaire +n
When another owner tries to remove your owner and master access, you will
still be able to re-"own" yourself unless they have detected you in the
.set owner variable.
Now for FIXING YOUR TCL problem, take a look at this one...
recompile your bot, and that's it... no more problems.
Eggdrop Guru since 1993
Chotaire E-Mail: firstname.lastname@example.org
Network Operator IRC: irc.majesty.de (Chotaire)
Administrative Manager Private: http://www.chotaire.net
Majesty Net Solutions GmbH - On the 7th day, god was busy surfing the net
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources: