Register Log In

Forums Bug Reports Secunia Advisory

Print Thread

Secunia Advisory #212780 04/06/09 08:25 AM
S StrawberryKitty
StrawberryKitty S	I searched the forum for this but couldn't find any details. Sorry if I missed them but has this issue been fixed? mIRC "PRIVMSG" Processing Buffer Overflow Vulnerability Thanks for any responses ^^

Re: Secunia Advisory #212781 04/06/09 08:30 AM
Joined: Oct 2003 Posts: 3,641 Montreal, QC, Canada A argv0 Hoopy frood
argv0 Hoopy frood A Joined: Oct 2003 Posts: 3,641 Montreal, QC, Canada	You should check versions.txt and/or reproduce a bug before posting in this forum. This forum is for reports, not questions. http://www.mirc.com/versions.txt Item 1 in 6.35 shows the fix.

Re: Secunia Advisory argv0 #212782 04/06/09 08:55 AM
S StrawberryKitty
StrawberryKitty S	1.Fixed nickname bug where very long nicknames (hundreds of characters in length) sent by the server would cause mIRC to crash. Sorry for the wrong forum but doesn't the advisory I linked to say PRIVMSG not nick length?

Re: Secunia Advisory #212784 04/06/09 09:46 AM
Joined: Oct 2003 Posts: 3,641 Montreal, QC, Canada A argv0 Hoopy frood
argv0 Hoopy frood A Joined: Oct 2003 Posts: 3,641 Montreal, QC, Canada	The advisory title is wrong, then. Look at the proof of concept exploit and you'll see what that advisory is describing. The exploit comes from the PRIVMSG command but the buffer overflow field is the nickname.

Re: Secunia Advisory #212785 04/06/09 11:03 AM
Joined: Dec 2002 Posts: 3,845 London, UK Khaled Hoopy frood
Khaled Hoopy frood Joined: Dec 2002 Posts: 3,845 London, UK	They are indeed the same issue - the item description in versions.txt is just a little more specific about the cause :-)

Re: Secunia Advisory Khaled #212806 05/06/09 09:20 AM
S StrawberryKitty
StrawberryKitty S	Thank you so much for the reply ^^

Link Copied to Clipboard