IRC chat
In October 2006 I discovered many "now playing" scripts for various IRC
clients allow an attacker to send commands to the IRC server on behalf of the
user.
Details
=======
Many scripts for various IRC clients that report the name of the currently
playing song in a media player on IRC share the same security bug. They don't
sanitize the name of the song before sending it to the IRC server. When a
user plays a song with a newline (LF or CR, which are both message separators
Ircu is the open source IRC server used on Undernet and other IRC networks.
I (Wouter Coekaerts) discovered multiple vulnerabilities in various versions
some time ago, which have all been fixed for some time (since 2.10.12.06)
but not yet made public. Now that servers have had enough time to upgrade,
I feel it's time to do so.
None of these bugs can be abused for arbitrary code execution. Two are about
crashing a server, one about exposing IP addresses, and the effect of the
others stays within IRC: they allow clients to get more privileges on the IRC
network than they are supposed to have.
Background
==========
IRC Services is a system of services to be used with Internet Relay
Chat networks.
Affected packages
=================
-------------------------------------------------------------------
[DCA-0010]
[Software]
- IrcDelphi Daemon Server
[Vendor Product Description]
- IRC Daemon (IRCd, IRC Server) coded in Delphi/Kylix using Indy
components. Easy to use and light irc daemon.
[Bug Description]
06/18/10 Advisory released
=============
Vulnerability
=============
The IRC client component of UFO: Alien Invasion 2.2.1 contains multiple
security vulnerabilities that allow a malicious IRC server to remotely execute
arbitrary code on the client's system. There are numerous ways that an attacker
could cause a player to connect to a malicious server, for example:
- Perform a man-in-the-middle attack to inject IRC server responses into the
of arbitrary code or symlink attacks.
Background
==========
BitchX is an IRC client.
Affected packages
=================
-------------------------------------------------------------------
compromise the "unrealircd" account, or cause a Denial of Service.
Background
==========
UnrealIRCd is an Internet Relay Chat (IRC) daemon.
Affected packages
=================
-------------------------------------------------------------------
a Denial of Service.
Background
==========
ngIRCd is a free open source daemon for Internet Relay Chat (IRC).
Affected packages
=================
-------------------------------------------------------------------
Secure Internet Live Conferencing (SILC) is an open protocol aimed at
providing encrypted and authenticated communications over an insecure
medium such as the Internet. The SILC application of the same name
implements the protocol as an open source project. SILC is generally
used as a more secure replacement for Internet Relay Chat (IRC) networks
and other open and publicly accessible as well as private instant
messaging networks. A remote buffer overflow vulnerability found in a
library used by both the SILC server and client to process packets
containing cryptographic material may allow an un-authenticated client
to execute arbitrary code on the server with the privileges of the user
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: KVIrc: Remote arbitrary code execution
Date: September 13, 2007
Bugs: #183174
ID: 200709-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Once speakers send in their talk abstracts, we will put them online for
the community members to decide which talks they want to attend. On the
day of the conference, speakers will broadcast their talks using
screencasting software and the interested participants will tune in. The
participants will use IRC / chat rooms to ask questions to the speakers
during the talks.
What else is unique about SecurityTubeCon?
a. This conference will be held completely online!
Original URL:
http://securityreason.com/achievement_securityalert/71
- --- 0.Description ---
The SeaMonkey project is a community effort to develop the SeaMonkey all-in-one internet application suite (see below). Such a software suite was previously made popular by Netscape and Mozilla, and the SeaMonkey project continues to develop and deliver high-quality updates to this concept. Containing an Internet browser, email & newsgroup client with an included web feed reader, HTML editor, IRC chat and web development tools, SeaMonkey is sure to appeal to advanced users, web developers and corporate users.
- --- 1. SeaMonkey 1.1.18 Remote Array Overrun (Arbitrary code execution) ---
The main problem exists in the dtoa implementation. SeaMonkey has the same dtoa as KDE, Opera and all BSD systems. This issue has been fixed in Firefox 3.5.4 and fix
when connecting to older Jabber servers that do not follow the XMPP
specification, which causes libpurple to connect to the server without
the expected encryption and allows remote attackers to sniff sessions
(CVE-2009-3026).
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple
in Pidgin before 2.6.2 allows remote IRC servers to cause a denial
of service (NULL pointer dereference and application crash) via a
TOPIC message that lacks a topic string (CVE-2009-2703).
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)
before 2.5.6 allows remote attackers to cause a denial of service
(application crash) via a QQ packet (CVE-2009-1374).
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before
2.5.6 does not properly maintain a certain buffer, which allows
remote attackers to cause a denial of service (memory corruption
and application crash) via vectors involving the (1) XMPP or (2)
Sametime protocol (CVE-2009-1375).
The SA25276 patch ([1]) uses strncpy to fix a buffer overflow vulnerability
in src/mod/server.mod/servmsg.c (gotmsg). The last argument is not checked
for being non-negative, but that can happen if ctcpbuf is "". That causes
a remote crash vulnerability to be exploited by anyone connected to the same
IRC network as eggdrop. The SA25276 patch has been applied to the eggdrop1.6.18
debian package and was later adopted by Eggheads into eggdrop1.6.19.
One possible exploit anyone can send to the IRC server to crash eggdrop:
PRIVMSG eggdrop :\1\1
found in irssi which might result in the execution of arbitrary code.
Background
==========
irssi is a modular textUI IRC client with IPv6 support.
Affected packages
=================
-------------------------------------------------------------------
<!--
KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit
by Nine:Situations:Group::strawdog
Tested against IE8beta/WINxpsp3
software site:
http://www.kvirc.net/?lang=en
description:
"KVIrc is a Multilanguage, graphical IRC-Client for Windows, Linux, Unix and Mac
OS.[..]"
necessary changes.
Details follow:
It was discovered that irssi did not properly check the length of strings
when processing WALLOPS messages. If a user connected to an IRC network
where an attacker had IRC operator privileges, a remote attacker could
cause a denial of service.
Updated packages for Ubuntu 6.06 LTS:
the necessary changes.
Details follow:
It was discovered that Pidgin did not properly handle certain topic
messages in the IRC protocol handler. If a user were tricked into
connecting to a malicious IRC server, an attacker could cause Pidgin to
crash, leading to a denial of service. This issue only affected Ubuntu 8.04
LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703)
It was discovered that Pidgin did not properly enforce the "require
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: InspIRCd: Denial of Service
Date: May 09, 2008
Bugs: #215704
ID: 200805-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
A remote stack-based buffer overflow has been discovered in Eggdrop.
Background
==========
Eggdrop is an IRC bot extensible with C or Tcl.
Affected packages
=================
-------------------------------------------------------------------
Debian Bug : 519940
BugTraq ID : 34148
Sebastien Helleu discovered that an error in the handling of color codes
in the weechat IRC client could cause an out-of-bounds read of an internal
color array. This can be used by an attacker to crash user clients
via a crafted PRIVMSG command.
The weechat version in the oldstable distribution (etch) is not affected
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
Exploit Discovery
------------------
I was analyzing packets for an application of my own to figure out an
issue with my own protocol when I noticed I was receiving packets that
looked similar to that of IRC, so I decided to take a break from my own
project and figure out what application it was. I noticed it was the
voice communication and chat program called GSC. Since I was bored I
figured I would poke around at some of these packets.
First I logged on to my own channel as an administrator and kicked a
Background
==========
Wee Enhanced Environment for Chat (WeeChat) is a light and extensible
console IRC client.
Affected packages
=================
-------------------------------------------------------------------
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2007-2807
Debian Bug : 427157
It was discovered that eggdrop, an advanced IRC robot, was vulnerable
to a buffer overflow which could result in a remote user executing
arbitrary code.
For the stable distribution (etch), this problem has been fixed in version
1.6.18-1etch1.
Common scenario:
The attacker sends to the victim (using emails, IM or IRC) the malicious link and with some social techs
makes the victim click on it.
After this, the attacker can access the victim's wlan that is now open to everybody.
Other devices of the same family could be vulnerable too but I did not test it.
damages so the foregoing limitation may not apply.
Thursday, May 1st, 2008 @ 7:21 am | Privacy, News
http://www.infiltrated.net/?p=92
After reading through Microsoft's comments repeatedly yesterday, I cannot come to the
conclusion that Microsoft's "Malware Removal Tool" is not some form of backdoor.
Their comments in the initial article are extremely disturbing and anyone using a
Microsoft product should now be extremely wary about downloading new updates if
even deciding to continue using Microsoft at all.
So let's take a look at the top botnets. Srizbi, Bobax, Rustock, Cutwail, Ozdok, Nucrypt,
Wopla, Spamthru, Storm, Grum, Onewordsub; These are the top as reported by Secure