Re: Fw: [net-com] Bug in Mirc v5.82

From: Gossi The Dog (gossiat_private)
Date: Sun Apr 22 2001 - 12:58:27 PDT

Next message: Nick FitzGerald: "Re: SECURITY.NNOV: The Bat! <cr> bug"

Previous message: Adam Osuchowski: "Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow"
In reply to: Chris King: "Fw: [net-com] Bug in Mirc v5.82"
Next in thread: Gossi The Dog: "Re: Fw: [net-com] Bug in Mirc v5.82"
Reply: Gossi The Dog: "Re: Fw: [net-com] Bug in Mirc v5.82"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

*** Now talking in #xnet
*** Topic is '606 users! -=- <ben> 'im the special ed teacher, you look
special to me, come and sit on my lap''
*** Set by wnfAknd on Sat Apr 21 21:20:17

<Gossi> hey
<Gossi> anybody seen Trax lurking?
<[\]> oh f\ck, another one
<Syzop> wehe
<[\]> F\CK OF!"
<Syzop> lol

[..]

[\] is traxster@host-removed.webport.bt.net * Trax
[\] on @#z @#xnet @#viagra @#radio-one @#leech @#happyland #GiMP
[\] using viagra.tx.us.xnet.org [64.242.77.168] Up, up and away!
[\] is away: F\CK OFF! (29m 13s)
[\] is an IRC Operator
[\] is client 1 of an allowed 0 from 62.7.156.105
[\] End of /WHOIS list.

[..]

<[\]> some asswipe forwarded it from a PRIVATE LIST
<Gossi> but the point is, everybody is freaking out now, because nobody
knows the details of the problem
<[\]> hense the reason im awaiting the person who forwarded the email to
get off his ass and stop watching the simpsons
<[\]> ok you wanaks, ive just emailed all the people who experienced it,
requested all info's on it, now would you please leave me alone ? :)

[..]

<[\]> i know what script bugs look like, and this effected 4 different
people, using different scripts, and one with a bare mirc

Apparently a few Xnet users were experiencing problems with mIRC doing
funny stuff.  It's unclear at this stage if it's mIRCs fault, or a third
part scripts fault.

Regards,
Gossi The Bugtraq Hassler.

On Sun, 22 Apr 2001, Chris King wrote:

> ----- Original Message -----
> From: Trax <traxsterat_private>
> To: opers-xnet <opersat_private>
> Cc: net-com-xnet <net-comat_private>
> Sent: Sunday, April 22, 2001 1:40 PM
> Subject: [net-com] Bug in Mirc v5.82
>
>
> > There is a bug in mirc v5.82 that allows remote control of clients via
> > /quote and /ctcp  (not the ctcp *:*:*:* code tho), this is different, it's
> > the mirc coder's fault.
> >
> > Simple solution:
> > Downgrade mirc to v5.81 till a fix/new mirc comes out.
> >
> > Other Solution:
> > Put these in your remotes as they are printed here:
> >
> > ctcp 1:finger:haltdef
> > ctcp 1:userinfo:haltdef
> > ctcp 1:clientinfo:haltdef
> > ctcp 1:ping:haltdef
> > ctcp 1:time:haltdef
> > ctcp 1:sound:haltdef
> > ctcp 1:msg:haltdef
> > ctcp 1:/msg:haltdef
> >
> >
> > From my point of view, this *may* screw up your scripts, so the downgrade
> is
> > the easier option.
> >
> > This hole in mirc enable's people to remotely control people using mirc
> > v5.82 using /quote and /ctcp.  This morning on another network, someone
> did
> > it to an ircop and globaled, if they wanted to they could have
> > killed/akilled people.
> >
> > So please either ditch Mirc v5.82 or insert the above code.
> >
> > Laters
> > Trax.
> >
> >
> >
>

Next message: Nick FitzGerald: "Re: SECURITY.NNOV: The Bat! <cr> bug"
Previous message: Adam Osuchowski: "Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow"
In reply to: Chris King: "Fw: [net-com] Bug in Mirc v5.82"
Next in thread: Gossi The Dog: "Re: Fw: [net-com] Bug in Mirc v5.82"
Reply: Gossi The Dog: "Re: Fw: [net-com] Bug in Mirc v5.82"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 12:12:58 PDT