[20387] in bugtraq
Re: Fw: [net-com] Bug in Mirc v5.82
daemon@ATHENA.MIT.EDU (Gossi The Dog)
Mon Apr 23 15:59:55 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.33.0104222053200.8096-100000@owned.lab6.com>
Date: Sun, 22 Apr 2001 20:58:27 +0100
Reply-To: Gossi The Dog <gossi@OWNED.LAB6.COM>
From: Gossi The Dog <gossi@OWNED.LAB6.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <001d01c0cb2f$e892a540$0a00a8c0@home>
*** Now talking in #xnet
*** Topic is '606 users! -=- <ben> 'im the special ed teacher, you look
special to me, come and sit on my lap''
*** Set by wnfAknd on Sat Apr 21 21:20:17
<Gossi> hey
<Gossi> anybody seen Trax lurking?
<[\]> oh f\ck, another one
<Syzop> wehe
<[\]> F\CK OF!"
<Syzop> lol
[..]
[\] is traxster@host-removed.webport.bt.net * Trax
[\] on @#z @#xnet @#viagra @#radio-one @#leech @#happyland #GiMP
[\] using viagra.tx.us.xnet.org [64.242.77.168] Up, up and away!
[\] is away: F\CK OFF! (29m 13s)
[\] is an IRC Operator
[\] is client 1 of an allowed 0 from 62.7.156.105
[\] End of /WHOIS list.
[..]
<[\]> some asswipe forwarded it from a PRIVATE LIST
<Gossi> but the point is, everybody is freaking out now, because nobody
knows the details of the problem
<[\]> hense the reason im awaiting the person who forwarded the email to
get off his ass and stop watching the simpsons
<[\]> ok you wanaks, ive just emailed all the people who experienced it,
requested all info's on it, now would you please leave me alone ? :)
[..]
<[\]> i know what script bugs look like, and this effected 4 different
people, using different scripts, and one with a bare mirc
Apparently a few Xnet users were experiencing problems with mIRC doing
funny stuff. It's unclear at this stage if it's mIRCs fault, or a third
part scripts fault.
Regards,
Gossi The Bugtraq Hassler.
On Sun, 22 Apr 2001, Chris King wrote:
> ----- Original Message -----
> From: Trax <traxster@atlas.co.uk>
> To: opers-xnet <opers@xnet.org>
> Cc: net-com-xnet <net-com@xnet.org>
> Sent: Sunday, April 22, 2001 1:40 PM
> Subject: [net-com] Bug in Mirc v5.82
>
>
> > There is a bug in mirc v5.82 that allows remote control of clients via
> > /quote and /ctcp (not the ctcp *:*:*:* code tho), this is different, it's
> > the mirc coder's fault.
> >
> > Simple solution:
> > Downgrade mirc to v5.81 till a fix/new mirc comes out.
> >
> > Other Solution:
> > Put these in your remotes as they are printed here:
> >
> > ctcp 1:finger:haltdef
> > ctcp 1:userinfo:haltdef
> > ctcp 1:clientinfo:haltdef
> > ctcp 1:ping:haltdef
> > ctcp 1:time:haltdef
> > ctcp 1:sound:haltdef
> > ctcp 1:msg:haltdef
> > ctcp 1:/msg:haltdef
> >
> >
> > From my point of view, this *may* screw up your scripts, so the downgrade
> is
> > the easier option.
> >
> > This hole in mirc enable's people to remotely control people using mirc
> > v5.82 using /quote and /ctcp. This morning on another network, someone
> did
> > it to an ircop and globaled, if they wanted to they could have
> > killed/akilled people.
> >
> > So please either ditch Mirc v5.82 or insert the above code.
> >
> > Laters
> > Trax.
> >
> >
> >
>
