|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001720||Anope Stable (2.0.x series)||[All Projects] General||public||2019-03-29 12:09||2019-03-29 12:09|
|Assigned To|| |
|Platform||Linux/Unix||OS||Debian||OS Version||Debian 9|
|Summary||0001720: /cs mode does not check if the person executing it has permission to set a +L channel as redirect|
|Description||When using /cs mode to set modes, the channel mode +L on InspIRCd and UnrealIRCd can be used to redirect people to a channel once a channel limit has been reached. |
The issue is that /cs mode does not check whether the person using /cs mode to set +L has permission to set said redirect channel (the IRCd would check for ops on InspIRCd and owner on UnrealIRCd).
This could be abused to set a very low channel limit and redirect join everyone to another channel (it respects join restrictive modes, but this is an issue for channels that want to in general allow everyone in).
|Steps To Reproduce||1. Have a user be identified to his NickServ account and have his own channel # OR one where he has access to /cs mode hereby referred to as #A|
2. Have the user from 1. execute /cs mode #A set +L #B OR /cs mode #A lock add +L #B whereby this user has NO access in #B whatsoever
3. Observe how Anope (through the respective BotServ bot or, if none is present, through ChanServ) sets +L #B even though this user has no ChanServ access in #B whatsoever (and also no (half)ops or higher status prefix)
|Additional Information||This bug affects all IRCds that have a +L channel mode for redirects on reached channel limits and could possibly affect IRCds with other forms of redirects as well, for example CharybdisIRCd with chanmode +f (this is untested, though a distinct possibility unfortunately).|
|Tags||No tags attached.|
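
A model of the authorization check the report says is missing, as an added example that is not Anope's code or part of the original report: a +L is applied only when the requester also holds the required rank on the redirect target. All type and function names are hypothetical; the op threshold for the source channel and ASCII case folding of channel names are assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <string>
#include <vector>

// Hypothetical model types; none of these names come from Anope.
enum Rank { NONE = 0, HALFOP, OP, OWNER };
struct ModeChange { bool adding; char mode; std::string param; };
// folded channel name -> account -> rank held in that channel
using Access = std::map<std::string, std::map<std::string, Rank>>;

// Channel names are case-insensitive on IRC; ASCII folding is assumed here,
// so "#B" and "#b" resolve to the same access list.
static std::string Fold(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

static Rank RankOn(const Access &acc, const std::string &chan, const std::string &account) {
    auto c = acc.find(Fold(chan));
    if (c == acc.end()) return NONE;  // unknown channel: no standing
    auto a = c->second.find(account);
    return a == c->second.end() ? NONE : a->second;
}

// Keep only the changes `account` may apply to `source`. Setting +L is dropped
// unless the account holds at least `needed` on the redirect target as well
// (the report cites ops on InspIRCd and owner on UnrealIRCd).
std::vector<ModeChange> FilterModes(const Access &acc, const std::string &account,
                                    const std::string &source, Rank needed,
                                    const std::vector<ModeChange> &requested) {
    std::vector<ModeChange> allowed;
    if (RankOn(acc, source, account) < OP) return allowed;  // assumed threshold
    for (const ModeChange &mc : requested) {
        if (mc.adding && mc.mode == 'L' && RankOn(acc, mc.param, account) < needed)
            continue;  // requester has no standing in the target channel
        allowed.push_back(mc);
    }
    return allowed;
}

// Constructed sample data: alice owns #A, bob owns #B, alice is op on #C.
Access SampleAccess() {
    Access acc;
    acc["#a"]["alice"] = OWNER;
    acc["#b"]["bob"] = OWNER;
    acc["#c"]["alice"] = OP;
    return acc;
}
```

The same filter would have to run for both `set` and `lock add`, since the report shows both paths reaching the IRCd.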