#531 closed Defect (Invalid)
DCC SEND exploit can cause Colloquy to drop connections
| Reported by: | nessup[at]gmail.com | Owned by: | timothy |
|---|---|---|---|
| Component: | Chat Core (IRC) | Version: | 2.0 (Mac) |
| Severity: | Critical | Keywords: | linksys netgear dcc send chat |
| Cc: | bobmo@… |
Description
An exploit found only to affect people with Linksys or Netgear routing hardware with non-encrypted IRC connections over port 6667 will cause the connection to drop.
To reproduce this bug, type "DCC SEND [INSERT AT LEAST 14 CHARACTERS HERE]" into any non-encrypted IRC session on port 6667 with a Linksys/Netgear? router.
mIRC has a fix to this, but I am not aware of it.
Change History (5)
comment:1 Changed 12 years ago by nessup @…
comment:2 Changed 12 years ago by timothy
- Resolution set to invalid
- Status changed from new to closed
I am unable to reproduce this in Colloquy. Did you actually get this to work?
comment:3 Changed 12 years ago by timothy
The reproducible steps do not describe this correctly.
Here is another report that use to crash the old Irssi nightly, but the new 3/11 nightly is not affected.
http://www.hm2k.org/?article=mirc-exploit.txt
Here's the link, not sure if the bug is *identical*, but the string we were using that crashed you was DCC SEND "anythinggoeshere" 0 0 0
If the text contained spaces, it didn't work. Either way, should be an easy fix since it's reproducible.
comment:4 Changed 12 years ago by timothy
Please try with the latest beta.
ADD: http://www.irchelp.org/irchelp/mirc/exploit.html