Anope Bug Tracker

ID: 0001720
Project: Anope Stable (2.0.x series)
Category: [All Projects] General
View Status: public
Date Submitted: 2019-03-29 12:09
Last Update: 2019-03-29 12:09
Assigned To:
Platform: Linux/Unix
OS: Debian
OS Version: Debian 9
Summary: 0001720: /cs mode does not check if the person executing it has permission to set a +L channel as redirect
Description:
When using /cs mode to set modes, the channel mode +L on InspIRCd and UnrealIRCd can be used to redirect people to a channel once a channel limit has been reached.
The issue is that /cs mode does not check whether the person using /cs mode to set +L has permission to set said redirect channel (the IRCd would check for ops on InspIRCd and owner on UnrealIRCd).
This could be abused to set a very low channel limit and redirect join everyone to another channel (it respects join restrictive modes, but this is an issue for channels that want to in general allow everyone in).

Steps To Reproduce:
1. Have a user be identified to his NickServ account and have his own channel # OR one where he has access to /cs mode, hereby referred to as #A

2. Have the user from 1. execute /cs mode #A set +L #B OR /cs mode #A lock add +L #B, whereby this user has NO access in #B whatsoever

3. Observe how Anope (through the respective BotServ bot or, if none present, through ChanServ) sets +L #B even though this user has no ChanServ access in #B whatsoever (and also no (half)ops or higher status prefix)
Additional Information:
This bug affects all IRCds that have a +L channel mode for redirects on reached channel limits and could possibly affect IRCds with other forms of redirects as well, for example CharybdisIRCd with chanmode +f (this is untested though a distinct possibility unfortunately).
-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2019-03-29 12:09 Koragg New Issue
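
The missing check described in this report, shown as an added example in a self-contained C++ model (not Anope's code or API, and not part of the original issue). The types, function names, the access-list layout and the sample accounts are all assumptions made for illustration; "access" stands in for whatever privilege the IRCd would require on the target channel.

```cpp
#include <cctype>
#include <map>
#include <set>
#include <string>

// Constructed model, not Anope's API: channel -> accounts allowed to set modes there.
using AccessList = std::map<std::string, std::set<std::string>>;

struct ModeRequest {
    std::string account;  // services account issuing /cs mode
    std::string channel;  // channel being modified (#A in the report)
    char mode;            // mode letter being set
    std::string param;    // mode parameter; for +L, the redirect target (#B)
};

// Channel names are case-insensitive; plain ASCII folding is a simplification here.
static std::string fold(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

static bool has_access(const AccessList& acl, const std::string& chan, const std::string& account) {
    auto it = acl.find(fold(chan));
    return it != acl.end() && it->second.count(account) > 0;
}

// Reported behaviour: only access on the channel being modified is checked.
bool allow_reported(const AccessList& acl, const ModeRequest& r) {
    return has_access(acl, r.channel, r.account);
}

// Hardened: a mode whose parameter names another channel also needs access there.
// The same check would apply to both "set" and "lock add".
bool allow_hardened(const AccessList& acl, const ModeRequest& r, const std::set<char>& redirect_modes) {
    if (!has_access(acl, r.channel, r.account)) return false;
    if (redirect_modes.count(r.mode) == 0) return true;      // not a redirect mode
    if (r.param.empty() || r.param[0] != '#') return false;  // only '#' channels in this model
    return has_access(acl, r.param, r.account);
}

// Constructed sample data: alice controls #a and #a-overflow, bob controls #b.
AccessList sample_acl() {
    return {{"#a", {"alice"}}, {"#a-overflow", {"alice"}}, {"#b", {"bob"}}};
}
```

The set of redirect modes is passed in because it depends on the IRCd; whether modes other than +L belong in it is, as the report says, untested.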
