this vulnerability is very old On Tue, Jun 21, 2011 at 4:12 PM, DiKKy Heartiez <[email protected]>wrote:
> We've just stumbled upon a few dangerous exploits which can be used in > conjunction to wreak havoc in online chatrooms, which could potentially be > very dangerous. > > > Home routers running VXWorks, such as the Netgear 614, 624, and Linksys > WRT54G v5 routers, allow remote attackers to cause a denial of service by > sending a malformed DCC SEND string to an IRC channel, which causes an IRC > connection reset, possibly related to the masquerading code for NAT > environments, and as demonstrated via (1) a DCC SEND with a single long > argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 > value. > > > Using such a string as > > > \001DCC SEND "hello.jpg" 0 0 0 > > > would exploit this flaw. > > > This exploit is exacerbated by a buffer overflow vulnerability in mIRC > version 6.12 whereby using filename longer than fourteen characters will > cause the client to crash. By combining these two flaws, we get > > > \001DCC SEND "loljewsdidwtc.jpg" 0 0 0 > > > which will cause a Denial of Service condition in a minimum of four > products. > > > This would be bad enough, however users of Norton's Personal Firewall > product are faced with even more risk. Symantec generally makes the BEST > security products on the market and we are very surprised that this slipped > through. Norton's Personal Firewall will drop a connection if it detects > the string "startkeylogger" or "stopkeylogger" in incoming data. This is to > prevent the spread of the new Spybot worm but also has unintended > consequences. By using the string > > > \001DCC SEND "startkeylogger" 0 0 0 > > > a Denial of Service condition is created on multiple hardware routers and > multiple software products. Such exploits have been seen running rampant in > channels such as #lulzsec, #anonops, #ix, #nanog, #2600, and #phonelosers. > Please be wary of any chats from unknown parties, and keep your software up > to date. We will update you more as this situation unfolds. > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
