Message-ID: <4E01893D.4030501@gmail.com>
Date: Tue, 21 Jun 2011 23:18:37 -0700
From: IA64 LOL <ia64lol@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Goatse Security EMERGENCY RELEASE - RAMPANT VULNERABILITY SPREADING LIKE WILDFIRE

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1067

lol

On 06/21/2011 07:53 PM, adam wrote:
> "\001DCC SEND "loljewsdidwtc.jpg" 0 0 0"
>
> Absolutely love the example filename.
>
> On Tue, Jun 21, 2011 at 9:31 PM, Laurelai Storm <laurelai@...echan.org> wrote:
>
>> this vulnerability is very old
>>
>> On Tue, Jun 21, 2011 at 4:12 PM, DiKKy Heartiez <dikkyheartiez@...mail.com> wrote:
>>
>>> We've just stumbled upon a few dangerous exploits which can be used in conjunction to wreak havoc in online chatrooms, which could potentially be very dangerous.
>>>
>>> Home routers running VXWorks, such as the Netgear 614, 624, and Linksys WRT54G v5 routers, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.
>>>
>>> Using such a string as
>>>
>>> \001DCC SEND "hello.jpg" 0 0 0
>>>
>>> would exploit this flaw.
>>>
>>> This exploit is exacerbated by a buffer overflow vulnerability in mIRC version 6.12 whereby using a filename longer than fourteen characters will cause the client to crash. By combining these two flaws, we get
>>>
>>> \001DCC SEND "loljewsdidwtc.jpg" 0 0 0
>>>
>>> which will cause a Denial of Service condition in a minimum of four products.
>>>
>>> This would be bad enough, however users of Norton's Personal Firewall product are faced with even more risk. Symantec generally makes the BEST security products on the market and we are very surprised that this slipped through. Norton's Personal Firewall will drop a connection if it detects the string "startkeylogger" or "stopkeylogger" in incoming data. This is to prevent the spread of the new Spybot worm but also has unintended consequences. By using the string
>>>
>>> \001DCC SEND "startkeylogger" 0 0 0
>>>
>>> a Denial of Service condition is created on multiple hardware routers and multiple software products. Such exploits have been seen running rampant in channels such as #lulzsec, #anonops, #ix, #nanog, #2600, and #phonelosers. Please be wary of any chats from unknown parties, and keep your software up to date. We will update you more as this situation unfolds.
>>>
>>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
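The quoted post describes two malformed shapes of a CTCP DCC SEND request (a single overlong argument, or IP/port/size arguments of 0) that the linked CVE entries say some NAT routers mishandle. The following is an added example, not code from the thread or from any of the products named in it: a small defender-side validator that parses the CTCP framing and the DCC SEND arguments from raw IRC lines and reports which requests are well-formed and which match those malformed shapes, so they can be logged or dropped before a client or NAT helper sees them. The sample IRC lines are constructed for the example, and the filename length limit is a parameter (defaulting to 255) rather than the fourteen characters the post attributes to mIRC 6.12.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

CTCP_DELIM = "\x01"          # CTCP messages are wrapped in \001 ... \001
MAX_IPV4 = 0xFFFFFFFF        # DCC carries the sender IP as an unsigned 32-bit integer

# Constructed sample IRC lines (hypothetical, not from the original thread): one
# well-formed DCC SEND, the two malformed shapes the CVE text describes, and a
# plain message that should be ignored.
SAMPLE_LINES = [
    ":alice!a@host PRIVMSG bob :\x01DCC SEND report.txt 3232235777 5000 1024\x01",
    ":mallory!m@host PRIVMSG #chan :\x01DCC SEND \"hello.jpg\" 0 0 0\x01",
    ":mallory!m@host PRIVMSG #chan :\x01DCC SEND " + "A" * 300 + "\x01",
    ":carol!c@host PRIVMSG bob :hi there",
]

_PRIVMSG = re.compile(r"^(?::\S+ )?PRIVMSG \S+ :(.*)$")
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')   # quoted filename or bare token


def ctcp_payload(trailing: str) -> Optional[str]:
    """Return the text between the CTCP delimiters, or None if not a CTCP message."""
    if len(trailing) >= 2 and trailing[0] == CTCP_DELIM and trailing[-1] == CTCP_DELIM:
        return trailing[1:-1]
    return None


def tokenize(payload: str) -> List[str]:
    """Split a CTCP payload into tokens, keeping a double-quoted filename as one token."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in _TOKEN.finditer(payload)]


def check_dcc_send(line: str, max_filename: int = 255) -> Tuple[str, str]:
    """Classify one raw IRC line as 'ignore', 'ok' or 'malformed' (with a reason).

    A conforming request is DCC SEND <filename> <ip> <port> [<size>] with a
    non-zero IP, a port in 1..65535 and, if present, a size of at least 1 byte.
    """
    m = _PRIVMSG.match(line)
    if not m:
        return ("ignore", "not a PRIVMSG")
    payload = ctcp_payload(m.group(1))
    if payload is None:
        return ("ignore", "not a CTCP message")
    toks = tokenize(payload)
    if len(toks) < 2 or toks[0].upper() != "DCC" or toks[1].upper() != "SEND":
        return ("ignore", "not a DCC SEND")

    args = toks[2:]
    problems = []
    if not args:
        problems.append("missing filename")
    elif len(args[0]) > max_filename:
        problems.append(f"filename longer than {max_filename} characters")

    if len(args) < 3:
        # Shape (1) from the CVE text: a single long argument and nothing else.
        problems.append("missing ip/port arguments")
    else:
        # Shape (2): numeric fields present but zero (or otherwise out of range).
        # Entries are (name, token, lowest legal value, highest legal value or None).
        fields = [("ip", args[1], 1, MAX_IPV4), ("port", args[2], 1, 65535)]
        if len(args) >= 4:
            fields.append(("size", args[3], 1, None))
        for name, tok, lo, hi in fields:
            if not tok.isdigit():
                problems.append(f"{name} is not numeric")
                continue
            value = int(tok)
            if value < lo or (hi is not None and value > hi):
                problems.append(f"{name} out of range ({value})")

    if problems:
        return ("malformed", "; ".join(problems))
    return ("ok", f"DCC SEND {args[0]!r} from {args[1]}:{args[2]}")


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Run the check over a batch of raw IRC lines."""
    return [check_dcc_send(line) for line in lines]


if __name__ == "__main__":
    for line, (verdict, detail) in zip(SAMPLE_LINES, scan(SAMPLE_LINES)):
        print(f"{verdict:9} {detail}")
```

Run against the constructed lines, the first request is reported as ok, the zero-argument and single-long-argument requests are reported as malformed with the offending fields named, and the plain chat line is ignored. Checking the CTCP delimiters and the argument ranges separately matters because the two malformed shapes fail for different reasons: one has too few tokens, the other has the right token count but illegal values.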