IrcII DCC Chat Buffer Overflow Vulnerability
BID:1046
Info
IrcII DCC Chat Buffer Overflow Vulnerability
| Bugtraq ID: | 1046 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 10 2000 12:00AM |
| Updated: | Mar 10 2000 12:00AM |
| Credit: | First posted to BugTraq by bladi <[email protected]> on March 10, 2000. |
| Vulnerable: |
Michael Sandrof IrcII 4.4 -7 |
| Not Vulnerable: |
Michael Sandrof IrcII 4.4 M |
Discussion
IrcII DCC Chat Buffer Overflow Vulnerability
IrcII is a well-known Internet Relay Chat (IRC) client for unix. Version 4.4-7 and possibly previous versions are known to be vulnerable to a buffer overflow condition in their direct client-to-client (DCC) chat implementation. It may be possible to execute arbitrary code on a client attempting to initiate a dcc chat. Exploitation this vulnerability could result in a remote compromise with the privileges of the user running the ircII client.
This vulnerability was present in the "port" made available with FreeBSD. It is not installed by default.
IrcII is a well-known Internet Relay Chat (IRC) client for unix. Version 4.4-7 and possibly previous versions are known to be vulnerable to a buffer overflow condition in their direct client-to-client (DCC) chat implementation. It may be possible to execute arbitrary code on a client attempting to initiate a dcc chat. Exploitation this vulnerability could result in a remote compromise with the privileges of the user running the ircII client.
This vulnerability was present in the "port" made available with FreeBSD. It is not installed by default.
Exploit / POC
IrcII DCC Chat Buffer Overflow Vulnerability
An exploit has been made available.
An exploit has been made available.
Solution / Fix
IrcII DCC Chat Buffer Overflow Vulnerability
Solution:
bladi <[email protected]> suggested upgrading to IrcII version 4.4M in his post to BugTraq on March 10, 2000.
A fix was made available for the FreeBSD port of IrcII 4.4. From the advisory:
1) Upgrade your entire ports collection and rebuild the ircII port.
2) Reinstall a new package dated after the correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/ircII-4.4S.tgz
3) download a new port skeleton for the ircII port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
Michael Sandrof IrcII 4.4 -7
Solution:
bladi <[email protected]> suggested upgrading to IrcII version 4.4M in his post to BugTraq on March 10, 2000.
A fix was made available for the FreeBSD port of IrcII 4.4. From the advisory:
1) Upgrade your entire ports collection and rebuild the ircII port.
2) Reinstall a new package dated after the correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-3-stable/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/ircII-4.4S.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/ircII-4.4S.tgz
3) download a new port skeleton for the ircII port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
Michael Sandrof IrcII 4.4 -7
-
Michael Sandrof IrcII 4.4M
ftp://ircftp.au.eterna.com/pub/ircII/ircii-4.4M.tar.gz
References
IrcII DCC Chat Buffer Overflow Vulnerability
References:
References: