COMMAND

    ircd

SYSTEMS AFFECTED

    Debian Linux

PROBLEM

    There are  a couple  of bugs  in the  Undernet IRC  Server package
    (ircd  2.9.32-3)  which  is  included  in  Debian Linux 1.3.1 (and
    probably earlier versions as well)...

    First,  /etc/ircd/  is  set  world  readable...   This   directory
    contains  the   server  configuration   files  and   irc  operator
    passwords.  By  default, the passwords  are encrypted, but  anyone
    with crack can  easily bypass this  protection in a  few hours and
    /oper themselves!

    Second, the package adds the following line to inetd.conf:

    ircd            stream  tcp     wait    root    /usr/sbin/ircd ircd -i

    ircd is supposed to be run  as 'irc', not 'root'..!  I  don't know
    if this is exploitable in any  way, but the irc server does  -not-
    require root privileges.  Credit goes to Matt Ainvar.

SOLUTION

    The fix for the first problem (world readable directory) should be:

        chmod 700 /etc/ircd/

    The second problem should be fixed with:

        chown irc.irc /etc/ircd/

    and change the line in inetd.conf to

    ircd            stream  tcp     wait    irc     /usr/sbin/ircd ircd -i

    or (if you are running xinetd)

    service ircd
    {
            socket_type     = stream
            user            = irc
            wait            = yes
            server          = /usr/sbin/ircd
            server_args     = -i
    }
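
    The following shell helpers audit both items above (the inetd.conf
    user field and the /etc/ircd/ directory mode) and write a corrected
    copy of inetd.conf.  They are an added example, not part of the
    original advisory, and assume the Debian layout it names (service
    "ircd" in inetd.conf, configs under /etc/ircd/); the sample files
    they run against are constructed in a temporary directory.

```shell
# Audit/fix helpers for the two advisory items (added example, not from the
# advisory). Assumes an inetd.conf entry named "ircd" and an /etc/ircd/ dir.

# Return 0 when every non-comment inetd.conf line for SERVICE runs as EXPECTED
# (field 5, which inetd also accepts as user.group or user:group), else 1.
inetd_service_user_ok() {
    conf=$1; service=$2; expected=$3
    awk -v s="$service" -v u="$expected" '
        /^[ \t]*#/ || NF < 6 { next }          # skip comments and junk lines
        $1 == s { split($5, a, /[.:]/); if (a[1] != u) bad = 1 }
        END { exit (bad ? 1 : 0) }' "$conf"
}

# Rewrite the user field of SERVICE lines to NEWUSER, writing the result to
# DEST so the original stays untouched for review. awk re-joins the fields
# with single spaces, which inetd accepts as separators.
inetd_set_service_user() {
    conf=$1; service=$2; newuser=$3; dest=$4
    awk -v s="$service" -v u="$newuser" '
        !/^[ \t]*#/ && NF >= 6 && $1 == s { $5 = u }
        { print }' "$conf" > "$dest"
}

# Return 0 when DIR carries no group/other permission bits (as after
# "chmod 700"), i.e. its configs and oper passwords are owner-readable only.
dir_owner_only() {
    case "$(ls -ld "$1" | cut -c5-10)" in     # columns 5-10 = group + other
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample data (not a real system file) reproducing the
# package defaults described in the advisory.
tmp=$(mktemp -d)
cat > "$tmp/inetd.conf" <<'EOF'
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp             stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
ircd            stream  tcp     wait    root    /usr/sbin/ircd ircd -i
EOF
mkdir "$tmp/ircd" && chmod 755 "$tmp/ircd"   # world-readable, as shipped
if inetd_service_user_ok "$tmp/inetd.conf" ircd irc; then
    echo "ircd inetd entry already runs as irc"
else
    echo "ircd inetd entry runs as another user; writing corrected copy"
    inetd_set_service_user "$tmp/inetd.conf" ircd irc "$tmp/inetd.conf.new"
fi
dir_owner_only "$tmp/ircd" || echo "$tmp/ircd is readable by group/other"
rm -rf "$tmp"
```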