Re: mirc32 6.0x crash when resolving dns.

From: Davide Del Vecchio (danteat_private)
Date: Tue May 27 2003 - 14:57:45 PDT

    Hi Andres, 
    
    here Windows 98 B, mIRC v6.03 nothing happens when trying to resolve that ip. 
    
    [23:57] * Looking up 210.193.16.22
     -
    [23:57] * Looking up 210.193.16.23
     -
    [23:57] * Looking up 210.193.16.24
     -
    [23:57] * Looking up 210.193.16.25
     -
    [23:57] * Unable to resolve 210.193.16.22
     -
    [23:57] * Looking up 210.193.16.26
     -
    [23:57] * Unable to resolve 210.193.16.23
     -
    [23:57] * Unable to resolve 210.193.16.24
     -
    [23:57] * Unable to resolve 210.193.16.25
     -
    [23:57] * Unable to resolve 210.193.16.26
     - 
    
    Davide Del Vecchio, Dante Alighieri danteat_private ~ www.alighieri.org 
    
    
    aT4r InsaN3 wrote: 
    
    > While checking my snort database yesterday I found some attacks from the 
    > host 210.193.16.22, so I began to resolve the DNS for the hosts with 
    > mirc32 and I executed the following commands in the status window: 
    > 
    > /dns 210.193.16.22
    > /dns 210.193.16.23
    > /dns 210.193.16.24
    > * Looking up 210.193.16.22
    > * Looking up 210.193.16.23
    > * Looking up 210.193.16.24
    > * Unable to resolve 210.193.16.22
    > /dns 210.193.16.25
    > * Looking up 210.193.16.25
    > * Unable to resolve 210.193.16.23
    > (** MIRC CRASH**) 
    > 
    > Every time I tried to resolve a few IPs mirc32 dies. The problem seems to 
    > be in the WSAAsyncGetHostByName() call.
    > I have tested this feature in both mirc 6.01 and 6.03 on different 
    > computers. OS: winxp
    > I can't give much information about how to reproduce it, just try to 
    > resolve some DNS like the example.
    > There are some mirc scripts that resolve DNS after some events like CTCPs, 
    > so maybe this bug can be used remotely as a Denial of Service. 
    > 
    > Windbg:
    > 0:004> g
    > ModLoad: 76ee0000 76f05000   C:\WINDOWS\System32\DNSAPI.dll
    > ModLoad: 76f70000 76f77000   C:\WINDOWS\System32\winrnr.dll
    > ModLoad: 76f20000 76f4d000   C:\WINDOWS\system32\WLDAP32.dll
    > ModLoad: 76f80000 76f85000   C:\WINDOWS\System32\rasadhlp.dll
    > (794.788): Access violation - code c0000005 (first chance)
    > First chance exceptions are reported before any exception handling.
    > This exception may be expected and handled.
    > eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830 edi=71a42268
    > eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0         nv up ei pl nz na pe nc
    > cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010202
    > *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\System32\WS2_32.dll -
    > WS2_32!WSAAsyncGetHostByName+407:
    > 71a38d72 8a10             mov     dl,[eax]                ds:0023:00000000=??
    > 
    > regards 
    > 
    > Andres Tarascó Acuña
    > 3W Design Security - 2003 
    > 
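
The WinDbg output quoted above, triaged mechanically. This is an added example, not part of either message: it parses the register dump and the faulting instruction line to report which symbol faulted, whether the access was a read or a write, and whether the address lies in the NULL page. The function names and the 64 KB NULL-page threshold are assumptions of this example.

```python
import re

# Register dump and faulting instruction copied from the WinDbg output quoted
# in the message above (mail line wraps rejoined).
DUMP = """\
(794.788): Access violation - code c0000005 (first chance)
eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830 edi=71a42268
eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0         nv up ei pl nz na pe nc
WS2_32!WSAAsyncGetHostByName+407:
71a38d72 8a10             mov     dl,[eax]                ds:0023:00000000=??
"""

NULL_PAGE_LIMIT = 0x10000  # assumption: lowest 64 KB of user space is never mapped

REG_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b")
SYM_RE = re.compile(r"^(\S+!\S+):$", re.M)
# address, opcode bytes, mnemonic, dst, src, then WinDbg's effective address
INS_RE = re.compile(r"^([0-9a-f]{8}) [0-9a-f]+\s+(\w+)\s+([^,\s]+),(\S+)"
                    r"\s+\w+:[0-9a-f]{4}:([0-9a-f]{8})=", re.M)

def parse_registers(text):
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}

def triage(text):
    regs = parse_registers(text)
    ins = INS_RE.search(text)
    if ins is None:
        raise ValueError("no faulting instruction with a memory operand found")
    at, mnemonic, dst, src, ea = ins.groups()
    # For a two-operand mov, a bracketed source is a read, a bracketed
    # destination is a write.
    mem, access = (src, "read") if src.startswith("[") else (dst, "write")
    base = re.match(r"\[(e[a-z]{2})", mem)
    sym = SYM_RE.search(text)
    return {
        "symbol": sym.group(1) if sym else None,
        "instruction": f"{mnemonic} {dst},{src}",
        "access": access,
        "address": int(ea, 16),
        "base_register": base.group(1) if base else None,
        "base_value": regs.get(base.group(1)) if base else None,
        "at_eip": regs.get("eip") == int(at, 16),
        "null_page": int(ea, 16) < NULL_PAGE_LIMIT,
    }

if __name__ == "__main__":
    for key, value in triage(DUMP).items():
        print(f"{key:14} {value}")
```

For this dump the result is a read at address 0 through eax inside WS2_32!WSAAsyncGetHostByName+407, with the disassembled line matching eip.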
     
    


