mirc32 6.0x crash when resolving dns.

From: aT4r InsaN3 (at4rat_private)
Date: Mon May 26 2003 - 14:22:37 PDT


    While checking my snort database yesterday I found some attacks from the
    host 210.193.16.22, so I began to resolve the DNS names of the hosts with mirc32
    and executed the following commands in the status window:
    
    /dns 210.193.16.22
    /dns 210.193.16.23
    /dns 210.193.16.24
    * Looking up 210.193.16.22
    * Looking up 210.193.16.23
    * Looking up 210.193.16.24
    * Unable to resolve 210.193.16.22
    /dns 210.193.16.25
    * Looking up 210.193.16.25
    * Unable to resolve 210.193.16.23
    (** MIRC CRASH**)
    
    Every time I try to resolve a few IPs, mirc32 dies. The problem seems to be
    in the WSAAsyncGetHostByName() call.
    I have tested this feature in both mIRC 6.01 and 6.03 on different
    computers. OS: Windows XP.
    I can't give much more information about how to reproduce it; just try to
    resolve some DNS names like in the example.
    There are some mIRC scripts that resolve DNS after some events like CTCPs,
    so maybe this bug can be used remotely as a denial of service.
    
    Windbg:
    0:004> g
    ModLoad: 76ee0000 76f05000   C:\WINDOWS\System32\DNSAPI.dll
    ModLoad: 76f70000 76f77000   C:\WINDOWS\System32\winrnr.dll
    ModLoad: 76f20000 76f4d000   C:\WINDOWS\system32\WLDAP32.dll
    ModLoad: 76f80000 76f85000   C:\WINDOWS\System32\rasadhlp.dll
    (794.788): Access violation - code c0000005 (first chance)
    First chance exceptions are reported before any exception handling.
    This exception may be expected and handled.
    eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830 edi=71a42268
    eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0         nv up ei pl nz na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010202
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\System32\WS2_32.dll -
    WS2_32!WSAAsyncGetHostByName+407:
    71a38d72 8a10             mov     dl,[eax]                ds:0023:00000000=??
    
    regards
    
    Andres Tarascó Acuña
    3W Design Security - 2003
    
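Added example, not part of the original post: a small triage script that reads the register dump and faulting instruction from a 32-bit WinDbg access-violation report like the one above and classifies the crash. The sample input is the post's own WinDbg lines, re-joined where the mail client wrapped them; the exploitability rating is a coarse heuristic in the spirit of Microsoft's !exploitable extension (read from a near-NULL address: denial of service only; write to an invalid address: treat as exploitable), and the 0x10000 "null page" limit is an assumption chosen here.

```python
"""Triage a 32-bit WinDbg access-violation report (added example)."""
import re

# Constructed sample input: the register dump and faulting instruction from
# the mIRC report above, with the lines re-joined where the mail wrapped them.
SAMPLE_WINDBG = """\
(794.788): Access violation - code c0000005 (first chance)
eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830 edi=71a42268
eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010202
WS2_32!WSAAsyncGetHostByName+407:
71a38d72 8a10             mov     dl,[eax]                ds:0023:00000000=??
"""

NULL_PAGE_LIMIT = 0x10000  # assumption: addresses below this are NULL + small offset

REG_RE = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|bp|sp|ip))=([0-9a-fA-F]{8})\b")
CODE_RE = re.compile(r"Access violation - code ([0-9a-fA-F]{8})")
SYMBOL_RE = re.compile(r"^(\S+!\S+\+[0-9a-fA-F]+):\s*$", re.M)
# "<eip> <opcode bytes> <mnemonic> <operands>   ds:<sel>:<effective addr>=<value|??>"
FAULT_RE = re.compile(
    r"^([0-9a-fA-F]{8})\s+[0-9a-fA-F]+\s+(\w+)\s+(.*?)\s+"
    r"ds:[0-9a-fA-F]{4}:([0-9a-fA-F]{8})=(\S+)\s*$",
    re.M,
)
MEM_OPERAND_RE = re.compile(r"\[([^\]]+)\]")


def parse_windbg(text):
    """Extract exception code, registers, symbol and the faulting instruction."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    code = CODE_RE.search(text)
    sym = SYMBOL_RE.search(text)
    fault = FAULT_RE.search(text)
    if not (code and fault):
        raise ValueError("no access violation / faulting instruction found")
    eip, mnemonic, operands, ea, value = fault.groups()
    return {
        "code": int(code.group(1), 16),
        "regs": regs,
        "symbol": sym.group(1) if sym else None,
        "eip": int(eip, 16),
        "mnemonic": mnemonic,
        "operands": [o.strip() for o in operands.split(",")],
        "address": int(ea, 16),      # effective address WinDbg could not access
        "readable": value != "??",   # "??" means the debugger could not read it
    }


def classify(crash):
    """Decide read/write, NULL-ness and a coarse exploitability rating."""
    ops = crash["operands"]
    # Intel syntax lists the destination first: a memory operand in position 0
    # is being written, in position 1 it is being read.
    mem_pos = next((i for i, o in enumerate(ops) if MEM_OPERAND_RE.search(o)), None)
    if mem_pos is None:
        access = "unknown"
    elif len(ops) >= 2:
        access = "write" if mem_pos == 0 else "read"
    else:
        access = "write"  # single-operand (inc/pop/...): conservatively assume a write

    base_reg = None
    if mem_pos is not None:
        base_reg = MEM_OPERAND_RE.search(ops[mem_pos]).group(1).split("+")[0].strip().lower()

    null_deref = crash["address"] < NULL_PAGE_LIMIT
    if access == "write":
        rating = "exploitable (write to invalid address)"
    elif null_deref:
        rating = "probably not exploitable (NULL read: denial of service)"
    else:
        rating = "unknown (read from non-NULL invalid address; check control of base)"

    return {
        "access": access,
        "base_register": base_reg,
        "base_value": crash["regs"].get(base_reg),
        "null_deref": null_deref,
        "rating": rating,
    }


def triage(text):
    """Parse and classify one WinDbg report; returns the verdict dict."""
    crash = parse_windbg(text)
    verdict = classify(crash)
    verdict["symbol"] = crash["symbol"]
    return verdict


if __name__ == "__main__":
    for key, val in triage(SAMPLE_WINDBG).items():
        print(f"{key:14}: {val}")
```

On the post's trace this reports a read through eax, with eax equal to 0 and the effective address 00000000, which is why the verdict is a NULL-pointer read and therefore a crash (denial of service) rather than a memory-corruption primitive; the same script flags a write to an invalid address as exploitable so it can be reused on other reports.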
    



    This archive was generated by hypermail 2b30 : Tue May 27 2003 - 14:08:45 PDT