----------------------------------------------------------------------- CRACKED Security Advisory - 00001 July 11, 2002 http://www.cracked.net crackedsecurityat_private ----------------------------------------------------------------------- *Vulnerable Product(s)- Variety of automated IRC scripts providing the !seen service. -Various BitchX and mIRC scripts -Bots such as Eggdrop *Vulnerability- Remote DoS Against A Given Chat Client With the !seen Service *Severity- CRITICAL - POTENTIALLY DISRUPTS THE FLOW OF PIRATED SOFTWARE!! ----------------------------------------------------------------------- Introduction ----------------------------------------------------------------------- Many people who "IRC" use automated scripts when chatting on their favorite IRC server. This advisory is most important for the ereet warez hackers who populate massive channels to transfer their filez. When exploiting the following vulnerability properly, it could distract the warez hackers from leeching their goodz effectively for a given amount of time. The !seen service is a useful public service offered by many users of various IRC networks. When someone in a given channel types !seen [nickname], all of the people in that channel who have their service enabled will respond to the request. This response usually looks something like this: Sorry, I don't remember seeing [nickname] around. or... Yes, I last saw [nickname] 12 hours 3 minutes ago with quit message (bye). The !seen service is most popular with mIRC users, and is used by many in public juarez channels. ----------------------------------------------------------------------- Vulnerabiliy ----------------------------------------------------------------------- The majority of !seen service scripts will continuously report until you stop sending requests. When sending an extra large request multiple times with multiple IRC clients, it is possible to flood every user off of the given chat channel who is offering a !seen service. CRACKED Security feels that this is a very serious issue for the juarez community. Many warez chimps who play with fserves and such have the !seen script turned on with their Polaris scriptz. The majority of !seen scripts have no limit to the number of times you can send a !seen request. In a large chat channel on IRC that consists mainly of young kids with customized mIRC scripts (warez channels), launching a repeating !seen request with multiple clients will cause many users to Excess Flood from the network. This will also delay the spread of warez for a couple minutes. Make sure to check out our released exploit. CRACKED_seen_DoS.ini ----------------------------------------------------------------------- Patch ----------------------------------------------------------------------- How to patch your mIRC client if you are running the !seen service. 1.) Click on Tools. 2.) Move your mouse down and click on Remotes. 3.) Click on Listen. 4.) Make sure Events is unchecked. 5.) All done. kthxbye ----------------------------------------------------------------------- Misc. ----------------------------------------------------------------------- Greetz: khaled mardam-bey, panasync, dianora, msk, and all the rest of the dedicated irc'ers out there.
This archive was generated by hypermail 2b30 : Fri Jul 12 2002 - 16:57:44 PDT