Bugtraq mailing list archives
Re: Mirc 5.5 'DCC Server' hole
From: devil () BETA COSAPIDATA COM PE (Sandro Jurado)
Date: Tue, 26 Jan 1999 11:40:49 -0500
On 24 Jan 99, at 8:44, Spikeman wrote:
while talking with typo he gave me this mIRC bug as it says in the file # bug description: mirc 5.5's newly introduced dcc server feature doesn't # filter metachars(such as . and \) from sent filenames. this script fakes the # sending of a harmless file and then puts malicious file in a wanted # destination dir on the same harddrive (autostart dir is a good choice) If you have problems with the attchmnt i have the file at http://spikeman.genocide2600.com/balu.pl
As I see, this will only work if you have the mIRC DCCSERVER in ON. If not, you wont have a port 59 listening to DCCs.
Current thread:
- Re: Sendmail 8.8.x/8.9.x bugware, (continued)
- Re: Sendmail 8.8.x/8.9.x bugware John Mizzi (Jan 17)
- Personal web server kiborg (Jan 17)
- Re: Personal web server Dave Pifke (Jan 18)
- Another web-based mail reader hole Dave Pifke (Jan 18)
- Re: Another web-based mail reader hole Peter van Dijk (Jan 19)
- Personal web server kiborg (Jan 17)
- Re: Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Jan 18)
- Re: Sendmail 8.8.x/8.9.x bugware John Mizzi (Jan 17)
- Re: Sendmail 8.8.x/8.9.x bugware Nic Bellamy (Jan 19)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
- Mirc 5.5 'DCC Server' hole Spikeman (Jan 24)
- Re: Mirc 5.5 'DCC Server' hole Sandro Jurado (Jan 26)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Casper Dik (Jan 25)
- Announcement: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
- Re: Nobo and Netbuster Dos Flavio Veloso (Jan 21)
- CFP: New Security Paradigms Workshop 1999 Crispin Cowan (Jan 21)