lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: andrewg at d2.net.au (andrewg@...net.au)
Subject: IRC DCC Exploit

Normally I wouldn't of replied, but due to the other answers people have
provided, I will.

>
> Hey,
>       I want to know about DCC Exploit,
>
> 1)  What is Irc DCC Exploit ?

Its a denial of service in MIRC versions >=6.0 and <6.12

> 2)  How it works ?

>From what I've told, it causes a out of bounds read error in the MIRC
client , after parsing the string.

> 3)  What is its Source/code ?

I've probably got the thingy in a log, iirc, its dcc send/get x x x x x x
x x x x x x x x x x x x x x more or less (around 12 or something.

> 4)  How to protect from this exploit ?

Either upgrade to MIRC 6.12, or do /ignore -wd * which will prevent it
from happening.

> 5)  And in which language people were made ?

?!

>
>       I am asking you about it because it is harmfull full, when i join
> channel i disconnected 4 times with Critical Error. so please
> reply me as soon as possible. Thanks
>
> Best Regards from,
> Farrukh Hussain.
>

Hope this helps,
Andrew Griffiths

P.S No, I don't care this affects windows people, I'm sure if they notice
their client keeps on crashing, they'll look for more information.



Powered by blists - more mailing lists