Bugtraq mailing list archives

ConferenceRoom Exploit [tRa BuG LaBz0rz]

From: rewt () MAGIBOX NET (Rick Branson)
Date: Sun, 29 Mar 1998 02:34:55 -0600


the ereet bug trackz0r hq has found a bug in the ConferenceRoom
IRC server software.

REwT Reports:

 CR has a serious bug which enables people to really annoy IRCops
 and users of the network. Not only that, but the IRCops don't have
 a clue of where it's coming from. the ereet bug trackz0r hq has
 known about this bug for quite a while, but has not released the
 nfo, thinking WebMaster would clean up. Well, they haven't. The
 ereet bug trackz0r hq has released a comemoritive WarForge Edition
 of the bug exploiter (FoQeR). Download it here:
http://baste.magibox.net/~rewt/foq-wf.zip

 More nfo:
  The bug is a buffer overflow in the ConferenceRoom SNOTICE. It's
  a variation of the earlier "False Server SNOTICE." But this time,
  the IRCops have no idea where it's coming from. All you have to
  do is send alot of stuff along with your message (Message should
  be first, then all of the Alt+160s or whatever) when you do a
  "False Server SNOTICE" attack.

 Fix:
  I guess the WebMaster boiz will have to figer that out.

for the tRa ereet bug trackz0r hq..
I'm Dr. REwT

Current thread:

ConferenceRoom Exploit [tRa BuG LaBz0rz] Rick Branson (Mar 29)
- <Possible follow-ups>
- Re: ConferenceRoom Exploit [tRa BuG LaBz0rz] Phillip Pudney (Mar 30)