WebMaster ConferenceRoom Developer Edition DoS Vulnerability
BID:2178
Info
| Bugtraq ID: | 2178 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2001-0177 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jan 10 2001 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | Discovered and posted to Bugtraq on Jan 10, 2001 by Murat - 2 <[email protected]>. |
| Vulnerable: | WebMaster ConferenceRoom 1.8.1 |
| Not Vulnerable: | WebMaster ConferenceRoom 1.8.2 |
Discussion
WebMaster ConferenceRoom Developer Edition is a chat package that enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user-friendly channel moderation feature.
It is possible to cause a denial of service in ConferenceRoom. If a user makes duplicate connections and executes special server commands in both sessions, ConferenceRoom will crash and refuse any new connections. The service must be restarted to regain normal functionality.
Exploit / POC
The following exploit has been provided by Murat - 2 <[email protected]>:
ConferenceRoom 1.8.1:
Make two connections to the IRC server, the second being a clone of the other. On the second connection (clone) type "/ns buddy on". On the first connection type "/ns buddy add <clone client nickname>". On the clone type "/ns auth accept 1" and the services crash.
ConferenceRoom 1.8.2:
"/ns buddy on" can't run, because the professional edition can't support the "buddy" command. Register one channel, and type the commands "/ns set authorize chanlists on", "/cs aop <#ChannelName> add <NickName>", "/ns auth accept 1", and the services crash.
Solution / Fix
Solution:
WebMaster has addressed this issue in the release of ConferenceRoom 1.8.2a:
WebMaster ConferenceRoom 1.8.1
- WebMaster CR1.8.2a-BSDi (BSDI): http://www.webmaster.com/products/CR1.8.2a-BSDi.tar.gz
- WebMaster CR1.8.2a-FreeBSD3 (FreeBSD 3.1): http://www.webmaster.com/products/CR1.8.2a-FreeBSD3.tar.gz
- WebMaster CR1.8.2a-FreeBSD4 (FreeBSD 4.0): http://www.webmaster.com/products/CR1.8.2a-FreeBSD4.tar.gz
- WebMaster CR1.8.2a-Linux (Linux): http://www.webmaster.com/products/CR1.8.2a-Linux.tar.gz
- WebMaster CR1.8.2a-Solaris2.6-sparc (Solaris sparc): http://www.webmaster.com/products/CR1.8.2a-Solaris2.6-sparc.tar.Z
- WebMaster CR1.8.2a-Solaris2.7-x86 (Solaris x86): http://www.webmaster.com/products/CR1.8.2a-Solaris2.7-x86.tar.Z
- WebMaster crinst182a (Windows): http://www.webmaster.com/products/crinst182a.exe