IRC network
In October 2006 I discovered many "now playing" scripts for various IRC
clients allow an attacker to send commands to the IRC server on behalf of the
user.
Details
=======
Many scripts for various IRC clients, that report the name of the currently
playing song in a media player on IRC share the same security bug. They don't
sanitize the name of the song before sending it to the IRC server. When a
user plays a song with a newline (LF or CR, which are both message separators
Ircu is the open source IRC server used on Undernet and other IRC networks.
I (Wouter Coekaerts) discovered multiple vulnerabilities in various versions
some time ago, which have all been fixed for some time (since 2.10.12.06)
but not yet made public. Now that servers have had enough time to upgrade,
I feel it's time to do so.
None of these bugs can be abused for arbitrary code execution. Two are about
crashing a server, one about exposing IP addresses, and the effect of the
others stays within IRC: they allow clients to get more privileges on the IRC
network than they are supposed to have.
Background
==========
IRC Services is a system of services to be used with Internet Relay
Chat networks.
Affected packages
=================
-------------------------------------------------------------------
06/18/10 Advisory released
=============
Vulnerability
=============
The IRC client component of UFO: Alien Invasion 2.2.1 contains multiple
security vulnerabilities that allow a malicious IRC server to remotely execute
arbitrary code on the client's system. There are numerous ways that an attacker
could cause a player to connect to a malicious server, for example:
- Perform a man-in-the-middle attack to inject IRC server responses into the
[DCA-0010]
[Software]
- IrcDelphi Daemon Server
[Vendor Product Description]
- IRC Daemon (IRCd, IRC Server) coded in Delphi/Kylix using Indy
components. Easy to use and light irc daemon.
[Bug Description]
of arbitrary code or symlink attacks.
Background
==========
BitchX is an IRC client.
Affected packages
=================
-------------------------------------------------------------------
compromise the "unrealircd" account, or cause a Denial of Service.
Background
==========
UnrealIRCd is an Internet Relay Chat (IRC) daemon.
Affected packages
=================
-------------------------------------------------------------------
Secure Internet Live Conferencing (SILC) is an open protocol aimed at
providing encrypted and authenticated communications over an insecure
medium such as the Internet. The SILC application of the same name
implements the protocol as an open source project. SILC is generally
used as a more secure replacement for Internet Relay Chat (IRC) networks
and other open and publicly accessible as well as private instant
messaging networks. A remote buffer overflow vulnerability found in a
library used by both the SILC server and client to process packets
containing cryptographic material may allow an un-authenticated client
to execute arbitrary code on the server with the privileges of the user
a Denial of Service.
Background
==========
ngIRCd is a free open source daemon for Internet Relay Chat (IRC).
Affected packages
=================
-------------------------------------------------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: KVIrc: Remote arbitrary code execution
Date: September 13, 2007
Bugs: #183174
ID: 200709-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
necessary changes.
Details follow:
It was discovered that irssi did not properly check the length of strings
when processing WALLOPS messages. If a user connected to an IRC network
where an attacker had IRC operator privileges, a remote attacker could
cause a denial of service.
Updated packages for Ubuntu 6.06 LTS:
A remote stack-based buffer overflow has been discovered in Eggdrop.
Background
==========
Eggdrop is an IRC bot extensible with C or Tcl.
Affected packages
=================
-------------------------------------------------------------------
the necessary changes.
Details follow:
It was discovered that Pidgin did not properly handle certain topic
messages in the IRC protocol handler. If a user were tricked into
connecting to a malicious IRC server, an attacker could cause Pidgin to
crash, leading to a denial of service. This issue only affected Ubuntu 8.04
LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703)
It was discovered that Pidgin did not properly enforce the "require
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: InspIRCd: Denial of Service
Date: May 09, 2008
Bugs: #215704
ID: 200805-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
when connecting to older Jabber servers that do not follow the XMPP
specification, which causes libpurple to connect to the server without
the expected encryption and allows remote attackers to sniff sessions
(CVE-2009-3026).
libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple
in Pidgin before 2.6.2 allows remote IRC servers to cause a denial
of service (NULL pointer dereference and application crash) via a
TOPIC message that lacks a topic string (CVE-2009-2703).
The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the
> James Madison University
> www.jmu.edu/computing/security
--
PinkFreud
Chief of Security, Nightstar IRC network
irc.nightstar.net | www.nightstar.net
Server Administrator - Blargh.CA.US.Nightstar.Net
Unsolicited advertisements sent to this address are NOT welcome.
_______________________________________________
To report a botnet PRIVATELY please email: c2report@isotf.org
do the first one since the code is trivially altered to do many of the others.
Also because it is the most fun and easy way to monetize this particular vuln,
and I'm hoping other people will make use of it before Apple patches!
(The best part of our first cross-protocol scripting PoC release:
http://encyclopediadramatica.com/Firefox_XPS_IRC_Attack
was seeing how many other people used it to summarily ruin every IRC network
that exists. What can I say? I love being an enabler.)
What you'll need:
<!--
KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit
by Nine:Situations:Group::strawdog
Tested against IE8beta/WINxpsp3
software site:
http://www.kvirc.net/?lang=en
description:
"KVIrc is a Multilanguage, graphical IRC-Client for Windows, Linux, Unix and Mac
OS.[..]"
Once speakers send in their talk abstracts, we will put it online for
the community members to decide which talks they want to attend. On the
day of the conference, speakers will broadcast their talks using
screencasting software and the interested participants will tune in. The
participants will use IRC / chat rooms to ask questions to the speakers
during the talks.
What else is unique about SecurityTubeCon?
a. This conference will be held completely online!
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)
before 2.5.6 allows remote attackers to cause a denial of service
(application crash) via a QQ packet (CVE-2009-1374).
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before
2.5.6 does not properly maintain a certain buffer, which allows
remote attackers to cause a denial of service (memory corruption
and application crash) via vectors involving the (1) XMPP or (2)
Sametime protocol (CVE-2009-1375).
found in irssi which might result in the execution of arbitrary code.
Background
==========
irssi is a modular textUI IRC client with IPv6 support.
Affected packages
=================
-------------------------------------------------------------------
The SA25276 patch ([1]) uses strncpy to fix a buffer overflow vulnerability
in src/mod/server.mod/servmsg.c (gotmsg). The last argument is not checked
for being non-negative, but that can happen if ctcpbuf is "". That causes
a remote crash vulnerability to be exploited by anyone connected to the same
IRC network as eggdrop. The SA25276 patch has been applied to the eggdrop1.6.18
debian package and was later adopted by Eggheads into eggdrop1.6.19.
One possible exploit anyone can send to the IRC server to crash eggdrop:
PRIVMSG eggdrop :\1\1
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS:
Regards,
- WASC Announcements
necessary changes.
Details follow:
USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a
regression when using irssi with SSL and an IRC proxy. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
vulnerability analysis
3. Build an exemplary file fuzzer for the video- and audio codecs
shipped with current Nokia smartphones
4. List and briefly analyze the identified bugs
5. Discuss further ideas and concepts, such as jailbreak shellcode, and
an IRC bot trojan for Symbian
We aim to show that it is possible to find and exploit bugs on Symbian
smartphones, even in preinstalled system applications, without having
access to special development hardware, and that exploits and worms
similar to those found on desktop systems may be possible on Symbian.
Vulnerability : directory traversal
Problem type : remote
Debian-specific: no
Debian Bug : 537977
It was discovered that znc, an IRC proxy, did not properly process
certain DCC requests, allowing attackers to upload arbitrary files.
For the old stable distribution (etch), this problem has been fixed in
version 0.045-3+etch3.
/*
PJIRC mod phpBB Local File Include
Discovered by: 0in from DaRk-CodeRs Programming & Security Group!
Contact: 0in(dot)email[at]gmail(dot)com
Description: This is a simple irc applet to phpbb.
Download: http://www.hotscripts.pl/produkt-1998.html
HTTP://Dark-Coders.4rh.eu
Greetz to: All DaRk-CodeRs Team Members: die_anglel, m4r1usz, sun8hclf, djlinux, aristo89
*/
Title =========:: Tornado Knowledge Retrieval System <= 4.2 Remote XSS Vulnerability
Author ========:: unohope [at] chroot [dot] org
IRC ===========:: irc.chroot.org #chroot
ScriptName ====:: Tornado Knowledge Retrieval System
ScriptVendor ==:: http://www.tornado.com.tw/
Title =======:: Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities
Author ======:: unohope [at] chroot [dot] org
IRC =========:: irc.chroot.org #chroot
ScriptName ==:: Insanely Simple Blog
Download ====:: http://jaist.dl.sourceforge.net/sourceforge/insanelysimple2/insanely_simple_blog0.5.zip