Hi,

I think I've found a new (exploitable) bug in ircII and the like. Here's a short description of what I did:

I telnetted to an IRC server (hb.irc.at) and let someone DCC chat me. This looked somewhat like this:

:forcer!forcerat_private-net.de PRIVMSG flowmne :DCC CHAT chat 3500393993 28219

The first number stands for the longip (a shorter form for IPs) and the second for the port the DCC chat initiator is listening on.

Now I telnetted to ppp09.junior-net.de port 28219 and sent about 2000 A's and then a \n. After that the connection was closed and forcer's IRC client exited with (EOF from Client).

We tested this with BitchX 74p2, 74p4 and ircII 4.4. All of them showed the same symptoms. It looks as though this is exploitable and you can do your standard "execute arbitrary code" exploit after being DCC chatted. I don't know if this works too if you've chatted an ircII/BitchX(/Epic?) user, but I see no reason why it shouldn't.

Special thanks go out to forcer from #linux.de who helped me test the bug and is currently working on a patch for it.

bye,
paul (infected on irc)

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Name: Paul S. Boehm || Freelance Security Consultant.
Email: paulat_private || PGP key available at:
Url: http://paul.boehm.org/ || http://paul.boehm.org/paul-pgp.asc
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
There is no reason for any individual to have a computer in their home.
--Ken Olsen (Digital Corp CEO) 1977.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
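As an added illustration (not code from the post or from ircII/BitchX), the following C decodes the DCC CHAT offer quoted above into a dotted-quad address and port, and shows the bounded line read that a DCC CHAT receiver needs so that a line far longer than its buffer, like the 2000 A's in the report, is rejected instead of overrunning it. The DCC_LINE_MAX value is an assumed cap, not the clients' real limit, and the CTCP \001 framing is omitted because the quoted message omits it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed per-line cap for DCC CHAT input (hypothetical; the post gives no real limit). */
#define DCC_LINE_MAX 512

struct dcc_chat {
    char ip[16];    /* dotted quad decoded from the "longip" field */
    unsigned port;  /* TCP port the chat initiator listens on */
};

/* Parse "... :DCC CHAT chat <longip> <port>" as shown in the post (the CTCP
 * \001 framing is omitted there, so it is omitted here too).
 * Returns 1 on success, 0 if the line is not a well-formed DCC CHAT offer. */
int parse_dcc_chat(const char *line, struct dcc_chat *out)
{
    const char *p = strstr(line, "DCC CHAT chat ");
    if (!p) return 0;
    p += strlen("DCC CHAT chat ");
    char *end;
    unsigned long longip = strtoul(p, &end, 10);
    if (end == p || *end != ' ' || longip > 0xFFFFFFFFUL) return 0;
    unsigned long port = strtoul(end + 1, &end, 10);
    if (port == 0 || port > 65535 || strspn(end, "\r\n") != strlen(end)) return 0;
    /* the longip is the IPv4 address read as one big-endian 32-bit integer */
    snprintf(out->ip, sizeof out->ip, "%lu.%lu.%lu.%lu", (longip >> 24) & 255,
             (longip >> 16) & 255, (longip >> 8) & 255, longip & 255);
    out->port = (unsigned)port;
    return 1;
}

/* Copy one newline-terminated line from received bytes into dst (capacity
 * DCC_LINE_MAX). Returns the line length, or -1 when no newline arrives within
 * the cap: the over-long line is rejected rather than copied past the end of a
 * fixed buffer, which is the failure mode the post describes. */
int read_dcc_line(const char *recv, size_t recv_len, char *dst)
{
    for (size_t i = 0; i < recv_len && i < DCC_LINE_MAX - 1; i++) {
        if (recv[i] == '\n') {
            memcpy(dst, recv, i);
            dst[i] = '\0';
            return (int)i;
        }
    }
    return -1;
}
```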
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:55:48 PDT