mIRC 6.03 and below allow the ability for a remote attacker to spoof a dcc chat request in a targets client.
e563523994f9fa8795dd89183f1920def4ff07f15d1392c758656569e82a5204I. BACKGROUND
mIRC is "a friendly IRC client that is well equipped with options and
tools"
More information about the application is available at
https://www.mirc.com
II. DESCRIPTION
The DCC server which is builtin in mirc listens on port 59 if enabled,
and is insecure by design.
III. ANALYSIS
Connecting to the target om port 59 via for example netcat and typing
100 nick-to-spoof will show a dcc chat request in the targets client,
appearing to originate from nick-to-spoof.
This can be dangerous if trust relationships are observed between
a vulnerable user and a user on a multi-user system, be it a
shellprovider/vhost supplier or the likes.
IV. DETECTION
mIRC 6.03 and below (those versions who incorporate the DCC server) are
found to be vulnerable.
V. WORKAROUND
unknown
VI. VENDOR FIX
unknown
VII. CVE INFORMATION
unknown
VIII. DISCLOSURE TIMELINE
unknown
IX. CREDIT
/
Knud Erik Højgaard/kokaninATdtors.net
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed