IRCu Family IRCd DoS Exploit
9 April 2008
Last month a new bug was found in IRCu-family IRCds that can be exploited to crash the server.

In this post on Milw0rm the bug and exploit are explained. IRCu (<= 2.10.12.12) and many derivatives are affected.

IRC-Junkie asked Slug, who found the bug and described it on Milw0rm, how he found the bug. "Core dump from one of our servers," Slug starts. "send_user_mode in s_user.c does not check that the argument after a +r mode is present; if it is not, then the NULL sentinel may be missed, causing the function to iterate over the boundary of the array."

One way to exploit the bug would be to send the command /mode nickname i i i i i i i i i i i i i i i r r r r s. Doing so would core the server.

The only cure is to upgrade to the latest version of the IRCd, which includes the fix for this exploit.
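The missing check Slug describes can be shown in a small model. This is an added C example, not ircu's code and not the fix that shipped; the function names, the sample arrays and the assumption that 'r' is the only mode taking an argument are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not ircu source: parv[] is a NULL-terminated list of
 * mode tokens, and 'r' is the one mode that takes a following argument. */
static const char *const sample_ok[]  = { "i", "r", "account", NULL };
static const char *const sample_bad[] = { "i", "r", NULL };  /* argument missing */

/* Models the unchecked walk. `slots` is the real array size, so the model
 * never reads out of range. Returns 1 if the walk consumes the sentinel as
 * the argument of 'r' (real code would then continue past the array). */
int unchecked_skips_sentinel(const char *const parv[], size_t slots)
{
    for (size_t i = 0; i < slots; i++) {
        if (parv[i] == NULL)
            return 0;                  /* sentinel seen: loop ends cleanly */
        for (const char *m = parv[i]; *m; m++)
            if (*m == 'r' && (++i >= slots || parv[i] == NULL))
                return 1;              /* sentinel taken as the argument */
    }
    return 0;
}

/* Checked walk: tests the next slot before consuming it. Returns the number
 * of mode characters parsed, or -1 if 'r' has no argument. */
int parse_modes_checked(const char *const parv[], const char **r_arg)
{
    int parsed = 0;
    *r_arg = NULL;
    for (size_t i = 0; parv[i] != NULL; i++) {
        for (const char *m = parv[i]; *m; m++, parsed++) {
            if (*m != 'r')
                continue;
            if (parv[i + 1] == NULL)
                return -1;             /* reject; never step past the sentinel */
            *r_arg = parv[++i];        /* argument present: safe to consume */
        }
    }
    return parsed;
}

int main(void)
{
    const char *arg;
    printf("ok:  skip=%d parsed=%d\n", unchecked_skips_sentinel(sample_ok, 4),
           parse_modes_checked(sample_ok, &arg));
    printf("bad: skip=%d parsed=%d\n", unchecked_skips_sentinel(sample_bad, 3),
           parse_modes_checked(sample_bad, &arg));
    return 0;
}
```

The checked walk looks at the next slot before advancing the index, so the loop condition still lands on the sentinel when the argument is absent.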






      On 9 April 2008 14:08, El_Rico!ztovJb4bGM (?) added the next comment:

I am not too sure that it was a wise idea that slug posted such an easy way to exploit it.


      On 13 April 2008 18:59, Asmo!jvtvQ46KlU (?) added the next comment:

Even if it was 'hard' to exploit enough people would be able to exploit. As long as enough time has been given to the users to upgrade...







