lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BANLkTimc=s9qz67B39R_T=Gtvcx69jHwMQ@mail.gmail.com>
Date: Tue, 21 Jun 2011 21:31:34 -0500
From: Laurelai Storm <laurelai@...echan.org>
To: DiKKy Heartiez <dikkyheartiez@...mail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Goatse Security EMERGENCY RELEASE - RAMPANT
 VULNERABILITY SPREADING LIKE WILDFIRE

this vulnerability is very old

On Tue, Jun 21, 2011 at 4:12 PM, DiKKy Heartiez
<dikkyheartiez@...mail.com>wrote:

>  We've just stumbled upon a few dangerous exploits which can be used in
> conjunction to wreak havoc in online chatrooms, which could potentially be
> very dangerous.
>
>
> Home routers running VXWorks, such as the Netgear 614, 624, and Linksys
> WRT54G v5 routers, allow remote attackers to cause a denial of service by
> sending a malformed DCC SEND string to an IRC channel, which causes an IRC
> connection reset, possibly related to the masquerading code for NAT
> environments, and as demonstrated via (1) a DCC SEND with a single long
> argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0
> value.
>
>
> Using such a string as
>
>
> \001DCC SEND "hello.jpg" 0 0 0
>
>
> would exploit this flaw.
>
>
> This exploit is exacerbated by a buffer overflow vulnerability in mIRC
> version 6.12 whereby using filename longer than fourteen characters will
> cause the client to crash.  By combining these two flaws, we get
>
>
> \001DCC SEND "loljewsdidwtc.jpg" 0 0 0
>
>
> which will cause a Denial of Service condition in a minimum of four
> products.
>
>
> This would be bad enough, however users of Norton's Personal Firewall
> product are faced with even more risk.  Symantec generally makes the BEST
> security products on the market and we are very surprised that this slipped
> through.  Norton's Personal Firewall will drop a connection if it detects
> the string "startkeylogger" or "stopkeylogger" in incoming data.  This is to
> prevent the spread of the new Spybot worm but also has unintended
> consequences.  By using the string
>
>
> \001DCC SEND "startkeylogger" 0 0 0
>
>
> a Denial of Service condition is created on multiple hardware routers and
> multiple software products.  Such exploits have been seen running rampant in
> channels such as #lulzsec, #anonops, #ix, #nanog, #2600, and #phonelosers.
>  Please be wary of any chats from unknown parties, and keep your software up
> to date.  We will update you more as this situation unfolds.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ