Srodne teme
Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

xchat 2.0.6. DCC bug...

[es] :: Instant Messaging :: IRC :: xchat 2.0.6. DCC bug...

[ Pregleda: 4491 | Odgovora: 3 ] > FB > Twit

Postavi temu Odgovori

Autor
Pretraga teme: Traži
Markiranje Štampanje RSS

kUdtiHaEX
Beograd, Yugoslavia

Član broj: 3372
Poruke: 2598
*.verat.net

ICQ: 167621705
Sajt: www.webhost.co.yu


+4 Profil

icon xchat 2.0.6. DCC bug...18.12.2003. u 15:08 - pre 247 meseci
Cisto da znate da smo i mi, koji verujemo u xchat :) ranjivi. Evo i kako:

Citat:

---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-06
---------------------------------------------------------------------------

GLSA: 200312-06
Package: net-irc/xchat
Summary: Malformed dcc send requests in xchat-2.0.6 lead to a denial of
service
Severity: medium
Gentoo bug: 35623
Date: 2003-12-14
CVE: none
Exploit: remote
Affected: =2.0.6
Fixed: >=2.0.6-r1


DESCRIPTION:

There is a remotely exploitable bug in xchat 2.0.6 that could lead to a denial
of service attack. This is caused by sending a malformed DCC packet to xchat
2.0.6, causing it to crash. Versions prior to 2.0.6 do not appear to be
affected by this bug.

For more information, please see:

http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html


SOLUTION:

For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most
architectures. Since it was never marked as stable in the portage tree, only
xchat users who have explictly added the unstable keyword to ACCEPT_KEYWORDS
are affected. Users may updated affected machines to the patched version of
xchat using the following commands:

emerge sync
emerge -pv '>=net-irc/xchat-2.0.6-r1'
emerge '>=net-irc/xchat-2.0.6-r1'
emerge clean


Citat:

xchat 2.0.6 crashes with mirc 6.0-6.11 DCC exploit
the machine on which xchat crashed
Linux 2.4.23
xchat 2.0.6

the machine who did the exploit
mirc 6.12
Windows XP

---
what happend:
i starded xchat 2.0.6 on my linux machine and, just for
fun, tried to exploit it via mirc.
if you are not familiar with that: mIRC 6.11 and ealier
6.x crashed on a malformated dcc request. 6.12 fixed that.

oh wonder! xchat closed!!!!
* Quits: <xchat_linux_nick>(who@cares) (Client exited)
(msg in my mirc)

downgraded to 2.0.5 and tried again
--- DCC RECV connect attempt to <mynick> failed
(err=Invalid argument).

this was reproduced on a FreeBSD machine with xchat 2.0.6
Internet ne cini ljude glupima. Internet cini ljudsku glupost dostupnijom (TM by me)

Webhost Hosting Services
 
Odgovor na temu

Nikola Denić
Nikola Denić
Nis/Bgd

Član broj: 6571
Poruke: 1231
*.kru.sezampro.yu

ICQ: 42376797
Sajt: www.nixa.co.yu


Profil

icon Re: xchat 2.0.6. DCC bug...18.12.2003. u 16:49 - pre 247 meseci
LOL .... pa bre .. svi prave greške ...voli mIRC kao samoga sebe ... ;)
ITSolutions - najeftiniji DialUp internet [ dialup flat za samo 275 dinara ]
 
Odgovor na temu

kUdtiHaEX
Beograd, Yugoslavia

Član broj: 3372
Poruke: 2598
*.vdial.verat.net

ICQ: 167621705
Sajt: www.webhost.co.yu


+4 Profil

icon Re: xchat 2.0.6. DCC bug...19.12.2003. u 10:52 - pre 247 meseci
Zanimljivo je da su i oni pogresili na istom mestu!
Internet ne cini ljude glupima. Internet cini ljudsku glupost dostupnijom (TM by me)

Webhost Hosting Services
 
Odgovor na temu

manca
N/A

Član broj: 460
Poruke: 1299
*.verat.net

Jabber: manca@elitesecurity.org
ICQ: 94432046
Sajt: www.mtldesign.co.sr


+1 Profil

icon Re: xchat 2.0.6. DCC bug...20.12.2003. u 23:32 - pre 247 meseci
hehehe., veoma vrlo smesno, kako da im se desi ista greska, a ja tolko volim ovaj Xchat, eh, sad sam se razocarao :)
Keep the faith....
MTL Design Studio....
http://www.mtldesign.co.sr
 
Odgovor na temu

[es] :: Instant Messaging :: IRC :: xchat 2.0.6. DCC bug...

[ Pregleda: 4491 | Odgovora: 3 ] > FB > Twit

Postavi temu Odgovori

Srodne teme
Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.