View Issue Details

ID: 0001720
Project: Anope Stable (2.0.x series)
Category: General
View Status: public
Last Update: 2019-03-29 12:09
Reporter: Koragg
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Platform: Linux/Unix
OS: Debian
Summary: 0001720: /cs mode does not check if the person executing it has permission to set a +L channel as redirect
Description: When using /cs mode to set modes, the channel mode +L on InspIRCd and UnrealIRCd can be used to redirect people to a channel once a channel limit has been reached.
The issue is that /cs mode does not check whether the person using /cs mode to set +L has permission to set said redirect channel (the IRCd would check for ops on InspIRCd and owner on UnrealIRCd).
This could be abused to set a very low channel limit and redirect join everyone to another channel (it respects join restrictive modes, but this is an issue for channels that want to in general allow everyone in).

Steps To Reproduce:

1. Have a user be identified to his NickServ account and have his own channel # OR one where he has access to /cs mode, hereby referred to as #A

2. Have the user from 1. execute /cs mode #A set +L #B OR /cs mode #A lock add +L #B whereby this user has NO access in #B whatsoever

3. Observe how Anope (through the respective BotServ bot or, if none present, through ChanServ) sets +L #B even though this user has no ChanServ access in #B whatsoever (and also no (half)ops or higher status prefix)
Additional Information: This bug affects all IRCds that have a +L channel mode for redirects on reached channel limits and could possibly affect IRCds with other forms of redirects as well, for example CharybdisIRCd with chanmode +f (this is untested though a distinct possibility unfortunately).
Tags: No tags attached.
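
One way to express the missing check, as an added example that is not Anope's code and not part of the report: a self-contained C++ model in which the "set" and "lock add" paths share one authorization function that also checks the requester's rights on the +L target channel. AccessModel, authorize, Verdict, fold and the sample accounts are hypothetical names, and the case folding is a simplification.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <set>
#include <string>

// Hypothetical model for illustration; none of these names are Anope's API.
enum class Verdict { Allowed, NoAccessOnSource, NoAccessOnTarget, BadTarget };
using Acl = std::map<std::string, std::set<std::string>>;  // channel -> accounts

static std::string fold(std::string s) {
    // Simplified ASCII case folding; a real IRCd applies its own casemapping.
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

struct AccessModel {
    Acl cs_mode;      // accounts that may use "/cs mode" on the channel
    // accounts the IRCd itself would accept for +L pointing at the channel
    // (ops on InspIRCd, owner on UnrealIRCd, per the report)
    Acl redirect_ok;
    static bool in(const Acl &acl, const std::string &chan, const std::string &account) {
        auto it = acl.find(fold(chan));
        return it != acl.end() && it->second.count(account) > 0;
    }
    // Shared by the "set" and "lock add" paths so neither bypasses the check.
    Verdict authorize(const std::string &account, const std::string &source,
                      char mode, const std::string &param,
                      bool check_target = true) const {
        if (!in(cs_mode, source, account))
            return Verdict::NoAccessOnSource;
        if (mode != 'L')  // only the redirect mode carries a channel parameter
            return Verdict::Allowed;
        if (param.size() < 2 || param[0] != '#')
            return Verdict::BadTarget;
        // check_target=false reproduces the behaviour the report describes.
        if (check_target && !in(redirect_ok, param, account))
            return Verdict::NoAccessOnTarget;
        return Verdict::Allowed;
    }
};

// Constructed sample data: "alice" controls #A and has no access in #B.
inline AccessModel sample() {
    AccessModel m;
    m.cs_mode["#a"] = {"alice"};
    m.redirect_ok["#a"] = {"alice"};
    m.redirect_ok["#b"] = {"bob"};
    return m;
}
```
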

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-03-29 12:09 Koragg New Issue