mIRC Home    About    Download    Register    News    Help

Print Thread
#54978 15/10/03 12:52 PM
Joined: Oct 2003
Posts: 2
Z
Zeo Offline OP
Bowl of petunias
OP Offline
Bowl of petunias
Z
Joined: Oct 2003
Posts: 2
I know its commom knowledge now that 6.0-11 has a hole that 12 suppsoedly fixes, but I had a user get hacked with exactly the same calling card using 6.12 this morning.

If a hacker knows the the intricate deatials of the hole in 6.x, are they able to bypass the fix?



#54979 15/10/03 03:03 PM
Joined: Dec 2002
Posts: 86
D
Babel fish
Offline
Babel fish
D
Joined: Dec 2002
Posts: 86
'get hacked' ? The bug could only crash mIRC, is this what you are speaking of? It is more likely that something besides mIRC was the cause of your users problem (if they did in fact install 6.12).

There have been _all kinds_ of rumors circling about other bugs, but none that anybody has been able to reproduce or that anybody can even confirm.

-chris

#54980 15/10/03 04:30 PM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
It was a buffer overflow, you can certainly get hacked from that. All it takes is someone to craft an exploit that will inject some shell code. To my knowledge, no one has done this yet, but that doesn't mean no one will...

#54981 15/10/03 05:23 PM
Joined: Dec 2002
Posts: 86
D
Babel fish
Offline
Babel fish
D
Joined: Dec 2002
Posts: 86
Yes, and I'm sure you're aware that not all buffer overflows _are_ exploitable. Also, with this, you've got very limited space because of the IRC servers truncating the lines.

It is exceedingly unlikey that the person in question was hacked because of this bug. There are many other places I'd look into first.

-chris

#54982 15/10/03 05:59 PM
Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Agreed, however you didn't say it is not likely that this is the case, you said that the exploit "can only" crash mIRC, and that is not necessarily true.

#54983 15/10/03 10:37 PM
Joined: Feb 2003
Posts: 29
S
Ameglian cow
Offline
Ameglian cow
S
Joined: Feb 2003
Posts: 29
Someone took over his account and behing hop in a few channels the topics and bans got changed. We don't know how it was done.

#54984 15/10/03 11:40 PM
Joined: Dec 2002
Posts: 3,127
P
Hoopy frood
Offline
Hoopy frood
P
Joined: Dec 2002
Posts: 3,127
i would suggest your friend run at least a couple good virus scans and take a good look around in his remotes. The dcc exploit that was fixed in v6.12 wasnt one that could have gotten access to your friends password. It goes without saying that leaving any passwords in a script or in perform isnt a good idea. Many passwords are easy to guess, and many are lost because ppl type commands containing a password in a channel or query window rather than in status and its shown if they typo.


ParaBrat @#mIRCAide DALnet
#54985 16/10/03 06:43 PM
Joined: Oct 2003
Posts: 2
Z
Zeo Offline OP
Bowl of petunias
OP Offline
Bowl of petunias
Z
Joined: Oct 2003
Posts: 2
The reason I think it had something to do with this is because ever since the new realese and thepublicity is when these problems started.

so far, no more problems though *crosses fingers*


Link Copied to Clipboard