#212780 04/06/09 08:25 AM
Joined: Jun 2009
Posts: 48
Ameglian cow
OP Offline
I searched the forum for this but couldn't find any details. Sorry if I missed them but has this issue been fixed?

mIRC "PRIVMSG" Processing Buffer Overflow Vulnerability

Thanks for any responses ^^

Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
You should check versions.txt and/or reproduce a bug before posting in this forum. This forum is for reports, not questions.

http://www.mirc.com/versions.txt
Item 1 in 6.35 shows the fix.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
argv0 #212782 04/06/09 08:55 AM
Joined: Jun 2009
Posts: 48
Ameglian cow
OP Offline
1.Fixed nickname bug where very long nicknames (hundreds of characters in length) sent by the server would cause mIRC to crash.

Sorry for the wrong forum but doesn't the advisory I linked to say PRIVMSG not nick length?

Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
The advisory title is wrong, then. Look at the proof of concept exploit and you'll see what that advisory is describing. The exploit comes from the PRIVMSG command but the buffer overflow field is the nickname.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
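
Added example, not part of the thread and not mIRC's code: the nickname the reply above refers to travels in the message prefix (`:nick!user@host`) ahead of the PRIVMSG command, so a client has to bound it while parsing the line. The 30-character limit, the function names and the sample lines are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define NICK_MAX 30  /* assumed limit for this example, not mIRC's value */

/* Copy the sender nickname out of a raw IRC line shaped like
 * ":nick!user@host COMMAND params" into out[out_len].
 * Returns 0 on success, -1 if there is no usable prefix,
 * -2 if the nickname is too long for the buffer (nothing is copied). */
int irc_sender_nick(const char *line, char *out, size_t out_len)
{
    if (!line || !out || out_len == 0)
        return -1;
    out[0] = '\0';
    if (line[0] != ':')
        return -1;                      /* no prefix on this line */
    const char *start = line + 1;
    size_t n = strcspn(start, "!@ ");   /* nick ends at '!', '@' or space */
    if (n == 0)
        return -1;
    if (n >= out_len)
        return -2;                      /* length checked before the copy */
    memcpy(out, start, n);
    out[n] = '\0';
    return 0;
}

/* Build a constructed PRIVMSG line whose sender nickname is nick_len
 * characters long and return what the parser says about it. */
int parse_with_nick_len(size_t nick_len)
{
    char line[1024];
    char nick[NICK_MAX + 1];
    if (nick_len + 64 > sizeof line)
        return -1;
    line[0] = ':';
    memset(line + 1, 'A', nick_len);
    strcpy(line + 1 + nick_len, "!u@host.example PRIVMSG #chan :hi");
    return irc_sender_nick(line, nick, sizeof nick);
}

int main(void)
{
    char nick[NICK_MAX + 1];
    int rc = irc_sender_nick(":alice!a@host.example PRIVMSG #chan :hello",
                             nick, sizeof nick);
    printf("rc=%d nick=%s\n", rc, nick);
    printf("30 chars: %d, 500 chars: %d\n",
           parse_with_nick_len(30), parse_with_nick_len(500));
    return 0;
}
```
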
Joined: Dec 2002
Posts: 5,433
Hoopy frood
Offline
They are indeed the same issue - the item description in versions.txt is just a little more specific about the cause :-)

Khaled #212806 05/06/09 09:20 AM
Joined: Jun 2009
Posts: 48
Ameglian cow
OP Offline
Thank you so much for the reply ^^

