mIRC Home    About    Download    Register    News    Help

Print Thread
Secunia Advisory #212780 04/06/09 08:25 AM
Joined: Jun 2009
Posts: 48
StrawberryKitty Offline OP
Ameglian cow
OP Offline
Ameglian cow
Joined: Jun 2009
Posts: 48
I searched the forum for this but couldn't find any details. Sorry if I missed them but has this issue been fixed?

mIRC "PRIVMSG" Processing Buffer Overflow Vulnerability

Thanks for any responses ^^

Re: Secunia Advisory [Re: StrawberryKitty] #212781 04/06/09 08:30 AM
Joined: Oct 2003
Posts: 3,918
A
argv0 Offline
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
You should check versions.txt and/or reproduce a bug before posting in this forum. This forum is for reports, not questions.

http://www.mirc.com/versions.txt
Item 1 in 6.35 shows the fix.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Re: Secunia Advisory [Re: argv0] #212782 04/06/09 08:55 AM
Joined: Jun 2009
Posts: 48
StrawberryKitty Offline OP
Ameglian cow
OP Offline
Ameglian cow
Joined: Jun 2009
Posts: 48
1.Fixed nickname bug where very long nicknames (hundreds of characters in length) sent by the server would cause mIRC to crash.

Sorry for the wrong forum but doesn't the advisory I linked to say PRIVMSG not nick length?

Re: Secunia Advisory [Re: StrawberryKitty] #212784 04/06/09 09:46 AM
Joined: Oct 2003
Posts: 3,918
A
argv0 Offline
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
The advisory title is wrong, then. Look at the proof of concept exploit and you'll see what that advisory is describing. The exploit comes from the PRIVMSG command but the buffer overflow field is the nickname.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Re: Secunia Advisory [Re: StrawberryKitty] #212785 04/06/09 11:03 AM
Joined: Dec 2002
Posts: 4,862
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,862
They are indeed the same issue - the item description in versions.txt is just a little more specific about the cause :-)

Re: Secunia Advisory [Re: Khaled] #212806 05/06/09 09:20 AM
Joined: Jun 2009
Posts: 48
StrawberryKitty Offline OP
Ameglian cow
OP Offline
Ameglian cow
Joined: Jun 2009
Posts: 48
Thank you so much for the reply ^^