Ticket #531 (closed Defect: invalid)

Opened 4 years ago

Last modified 22 months ago

DCC SEND exploit can cause Colloquy to drop connections

Reported by: nessup[at]gmail.com Owned by: timothy
Priority: Highest Milestone:
Component: Chat Core (IRC) Version: 2.0 (Mac)
Severity: Critical Keywords: linksys netgear dcc send chat
Cc: bobmo@…

Description

An exploit found only to affect people with Linksys or Netgear routing hardware with non-encrypted IRC connections over port 6667 will cause the connection to drop.

To reproduce this bug, type "DCC SEND [INSERT AT LEAST 14 CHARACTERS HERE]" into any non-encrypted IRC session on port 6667 with a Linksys/Netgear router.

mIRC has a fix to this, but I am not aware of it.

Change History

Changed 4 years ago by nessup @…

ADD:  http://www.irchelp.org/irchelp/mirc/exploit.html

Changed 4 years ago by timothy

  • status changed from new to closed
  • resolution set to invalid

I am unable to reproduce this in Colloquy. Did you actually get this to work?

Changed 4 years ago by timothy

The reproducible steps do not describe this correctly.

Here is another report that use to crash the old Irssi nightly, but the new 3/11 nightly is not affected.

 http://www.hm2k.org/?article=mirc-exploit.txt

Here's the link, not sure if the bug is *identical*, but the string we were using that crashed you was DCC SEND "anythinggoeshere" 0 0 0

If the text contained spaces, it didn't work. Either way, should be an easy fix since it's reproducible.

Changed 4 years ago by timothy

Please try with the latest beta.

Changed 4 years ago by bobmohotmail.com

  • cc bobmo@… added

nhjgk

Note: See TracTickets for help on using tickets.