Opened 14 years ago

Closed 14 years ago

Last modified 12 years ago

#531 closed Defect (Invalid)

DCC SEND exploit can cause Colloquy to drop connections

Reported by: nessup[at]gmail.com
Owned by: timothy
Component: Chat Core (IRC)
Version: 2.0 (Mac)
Severity: Critical
Keywords: linksys netgear dcc send chat
Cc: bobmo@…

Description

An exploit found only to affect people with Linksys or Netgear routing hardware with non-encrypted IRC connections over port 6667 will cause the connection to drop.

To reproduce this bug, type "DCC SEND [INSERT AT LEAST 14 CHARACTERS HERE]" into any non-encrypted IRC session on port 6667 with a Linksys/Netgear router.

mIRC has a fix to this, but I am not aware of it.

Change History (5)

comment:2 Changed 14 years ago by timothy

  • Resolution set to invalid
  • Status changed from new to closed

I am unable to reproduce this in Colloquy. Did you actually get this to work?

comment:3 Changed 14 years ago by timothy

The reproducible steps do not describe this correctly.

Here is another report that used to crash the old Irssi nightly, but the new 3/11 nightly is not affected.


http://www.hm2k.org/?article=mirc-exploit.txt

Here's the link, not sure if the bug is *identical*, but the string we were using that crashed you was DCC SEND "anythinggoeshere" 0 0 0

If the text contained spaces, it didn't work. Either way, should be an easy fix since it's reproducible.

comment:4 Changed 14 years ago by timothy

Please try with the latest beta.

comment:5 Changed 14 years ago by bobmohotmail.com

  • Cc bobmo@… added

nhjgk
