"\001DCC SEND "loljewsdidwtc.jpg" 0 0 0" Absolutely love the example filename.
On Tue, Jun 21, 2011 at 9:31 PM, Laurelai Storm <[email protected]> wrote:
> this vulnerability is very old
>
> On Tue, Jun 21, 2011 at 4:12 PM, DiKKy Heartiez <[email protected]> wrote:
>
>> We've just stumbled upon a few dangerous exploits which can be used in
>> conjunction to wreak havoc in online chatrooms, which could potentially be
>> very dangerous.
>>
>> Home routers running VxWorks, such as the Netgear 614, 624, and Linksys
>> WRT54G v5 routers, allow remote attackers to cause a denial of service by
>> sending a malformed DCC SEND string to an IRC channel, which causes an IRC
>> connection reset, possibly related to the masquerading code for NAT
>> environments, and as demonstrated via (1) a DCC SEND with a single long
>> argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0
>> value.
>>
>> Using such a string as
>>
>> \001DCC SEND "hello.jpg" 0 0 0
>>
>> would exploit this flaw.
>>
>> This exploit is exacerbated by a buffer overflow vulnerability in mIRC
>> version 6.12 whereby using a filename longer than fourteen characters will
>> cause the client to crash. By combining these two flaws, we get
>>
>> \001DCC SEND "loljewsdidwtc.jpg" 0 0 0
>>
>> which will cause a Denial of Service condition in a minimum of four
>> products.
>>
>> This would be bad enough; however, users of Norton's Personal Firewall
>> product are faced with even more risk. Symantec generally makes the BEST
>> security products on the market and we are very surprised that this slipped
>> through. Norton's Personal Firewall will drop a connection if it detects
>> the string "startkeylogger" or "stopkeylogger" in incoming data. This is to
>> prevent the spread of the new Spybot worm but also has unintended
>> consequences. By using the string
>>
>> \001DCC SEND "startkeylogger" 0 0 0
>>
>> a Denial of Service condition is created on multiple hardware routers and
>> multiple software products. Such exploits have been seen running rampant in
>> channels such as #lulzsec, #anonops, #ix, #nanog, #2600, and #phonelosers.
>> Please be wary of any chats from unknown parties, and keep your software up
>> to date. We will update you more as this situation unfolds.
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
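For an operator who wants to find out whether the malformed DCC SEND pattern quoted above is showing up in their own IRC, bouncer or server logs, the following is an added detection example; it is not code from this thread or from any product named in it. It parses raw IRC lines for a CTCP DCC SEND, flags the two shapes the advisory describes (IP, port and filesize all 0, and a filename longer than fourteen characters) plus the two firewall-triggering keyword filenames, and returns findings per line. The regular expression, the `inspect_dcc_send` / `scan_log` names and the sample log lines are all constructed for this example.

```python
import re

# CTCP DCC SEND as it appears inside a PRIVMSG: \x01DCC SEND <file> <ip> <port> [<size>]\x01
# The filename may be double-quoted. Regex is an assumption for this example,
# covering the forms quoted in the advisory, not a full CTCP parser.
CTCP_DCC_SEND = re.compile(
    r'\x01DCC SEND (?:"(?P<qname>[^"]*)"|(?P<name>\S+)) '
    r'(?P<ip>\d+) (?P<port>\d+)(?: (?P<size>\d+))?\x01?'
)

MAX_SAFE_FILENAME = 14  # mIRC 6.12 crash threshold cited in the advisory
FIREWALL_KEYWORDS = ('startkeylogger', 'stopkeylogger')  # strings Norton is said to drop on


def inspect_dcc_send(line):
    """Return a list of findings for one raw IRC line; empty if nothing looks malformed."""
    m = CTCP_DCC_SEND.search(line)
    if not m:
        return []
    name = m.group('qname') if m.group('qname') is not None else m.group('name')
    ip, port = int(m.group('ip')), int(m.group('port'))
    size = int(m.group('size')) if m.group('size') else None
    findings = []
    # Shape (2) from the advisory: IP, port and filesize all zero.
    if ip == 0 and port == 0 and size == 0:
        findings.append('zero ip/port/filesize')
    # Shape (1): an over-long filename argument.
    if len(name) > MAX_SAFE_FILENAME:
        findings.append('filename longer than %d chars' % MAX_SAFE_FILENAME)
    if name.lower() in FIREWALL_KEYWORDS:
        findings.append('filename matches a firewall-triggering keyword')
    return findings


def scan_log(lines):
    """Map 1-based line number -> findings for every flagged line in a log."""
    report = {}
    for n, line in enumerate(lines, 1):
        found = inspect_dcc_send(line)
        if found:
            report[n] = found
    return report


# Constructed sample log: one benign chat line, one well-formed DCC offer,
# and three lines shaped like the strings quoted in the advisory.
SAMPLE_LOG = [
    ':alice!u@h PRIVMSG #chan :hello everyone',
    ':bob!u@h PRIVMSG carol :\x01DCC SEND "notes.txt" 3232235777 5000 1024\x01',
    ':mallory!u@h PRIVMSG #chan :\x01DCC SEND "hello.jpg" 0 0 0\x01',
    ':mallory!u@h PRIVMSG #chan :\x01DCC SEND "averyveryverylongname.jpg" 0 0 0\x01',
    ':mallory!u@h PRIVMSG #chan :\x01DCC SEND "startkeylogger" 0 0 0\x01',
]

if __name__ == '__main__':
    for n, found in sorted(scan_log(SAMPLE_LOG).items()):
        print('line %d: %s' % (n, '; '.join(found)))
```

Feed it the raw lines from a bouncer or server log (`scan_log(open(path).read().splitlines())`); a hit is a reason to check which clients and NAT devices on the path are still on the affected versions, since the durable fix is the vendor patch rather than the log scan.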
