Go Back   nV News Forums > Software Forums > General Software
Reload this Page Two or more exploitable holes in trillian's irc module
Home Feed Me Chat Register FAQ Calendar Mark Forums Read

Newegg Daily Deals

Reply
 
Thread Tools
Old 08-01-02, 11:59 PM   #1
volt
 
Join Date: Jul 2002
Location: /dev/null
Posts: 1,556
Default Two or more exploitable holes trillian irc module
You might want to stop using IRC and DCC in trillian until there is a patch

Sent the following advisory to trillian: Tue, 16 Jul 2002 16:49:19 -0400 (EDT)

Submitted by : Josh (josh@pulltheplug.com),
omega (mtwoar@hotmail.com) on July 16th, 2002
Vulnerability : Format strings bug and buffer overflow in the IRC client of Trillian
Tested On : Trillian v0.73,0.72
Remote : Yes
Greets to : SooT, zen-parse, arcanum, lockdown, brian, Bryan S.,
#social on ptp, jade, fr3n3tic

There exists a format strings vulnerability in the way trillian handles channel
invites. It's invoked by merely joining a channel, #%n%n%n for example, and inviting the
victim to it. Using a specially crafted invitation it is possible to overwrite EIP or
EBP, depending on the method you chose. While the format strings exploit would be a hard
one to write, treating this as a text book buffer overflow by using a string like
#%4095x<some 4 byte addy here>, you can overwrite EIP with ease. The only problem with
exploitation after overwriting EIP is getting the incredibly large win32 shellcode somewhere
where it can be located, and where it's not broken up. IRC messages allow only 448 bytes
per message. It might be possible, though, to initiate a DCC chat with the user (which they
would have to accept) and store the shellcode there. Another option is to store the
shellcode in multiple messages and have the shellcode itself jump around... either way
exploitation isn't trivial.
The next overflow is entirely unrelated to the above, but exists in the DCC chat
itself. Flooding the user with about 4282 characters in one dcc message will overwrite
EAX
__________________
[b]Optimization guidelines by Koji Ashida of NVIDIA:[/b][list][*]Use fx12 instructions whenever possible[*]Use lowest pixel shader version[/list][url=http://developer.nvidia.com/docs/IO/10878/ChinaJoy2004_OptimizationAndTools.pdf]source[/url]

[size=1]The politics are invading the technology. We don't really like to mess with politics because that kind of adversarial relationship has nothing to do with pure technical operations and the technical specifications of what we like to play with, the hardware![/size]
volt is offline   Reply With Quote
Old 08-02-02, 07:33 PM   #2
saturnotaku
Apple user. Deal with it.
 
Join Date: Jul 2001
Location: The 'burbs, IL USA
Posts: 12,502
Default
It doesn't really matter too much for me becuase Trillian's implementation of IRC sucks nutter anyway - you're lucky if you can stay connected to a server for more than 2 minutes.
saturnotaku is offline   Reply With Quote
Old 08-02-02, 08:51 PM   #3
volt
 
Join Date: Jul 2002
Location: /dev/null
Posts: 1,556
Default
hehehe, I never even used it
thought it might be of interest for some.
__________________
[b]Optimization guidelines by Koji Ashida of NVIDIA:[/b][list][*]Use fx12 instructions whenever possible[*]Use lowest pixel shader version[/list][url=http://developer.nvidia.com/docs/IO/10878/ChinaJoy2004_OptimizationAndTools.pdf]source[/url]

[size=1]The politics are invading the technology. We don't really like to mess with politics because that kind of adversarial relationship has nothing to do with pure technical operations and the technical specifications of what we like to play with, the hardware![/size]
volt is offline   Reply With Quote
Old 08-02-02, 11:18 PM   #4
|JuiceZ|
Registered User
 
|JuiceZ|'s Avatar
 
Join Date: Aug 1999
Location: Louisville, KY
Posts: 3,285
Send a message via ICQ to |JuiceZ| Send a message via AIM to |JuiceZ| Send a message via Yahoo to |JuiceZ| Send a message via Skype™ to |JuiceZ|
Default
Quote:
Originally posted by saturnotaku
It doesn't really matter too much for me becuase Trillian's implementation of IRC sucks nutter anyway - you're lucky if you can stay connected to a server for more than 2 minutes.
LOL! sho'nuff, I think I tried to connect to an irc srv using trillian once and have regretted it ever since. I use it for everything else but for irc, I'm stickin' w/ MiRC
__________________
primary MBP Core i5 2010 | HR | OCZ 120GB SSD
gaming Core i5-2500K @ 4.1GHz w/ CM Hyper212+ | MSI N560GTX-Ti TF II/OC | MSI P67A-GD55 | Silverstone FT02 | X360 250GB | Kinect
htpc IONITX-A-U | 2GB | M350 | XBMC Linux | SABnzbd, sickbeard, couchpotato | NAS Synology DS411J | 4TB
hometheater KURO PDP-5020 | HK AVR2600 | Definitive BP2006TL(2) & CLR2300 | Polk R50(2) | Sony S470 | HarmonyOne
|JuiceZ| is offline   Reply With Quote
Old 08-04-02, 07:02 AM   #5
vampireuk
**** Holster
 
vampireuk's Avatar
 
Join Date: Mar 2001
Location: The armoury
Posts: 2,813
Send a message via AIM to vampireuk
Default
Yeah I only use mIRC, anyone tried those crappy java chat boxes for it? god they suck
vampireuk is offline   Reply With Quote
Reply


« Previous Thread | Next Thread »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
nvidia + 2.4.19 gentoo = messed up ulukay NVIDIA Linux 18 11-01-02 11:58 PM
X Failed to load NVdriver c00lr4c3r NVIDIA Linux 13 10-22-02 01:44 PM
Error messages... HELP!!!! Imperito NVIDIA Linux 3 09-24-02 10:46 PM
GForce drivers installed...but dont work tomfullery NVIDIA Linux 6 09-22-02 08:23 AM
Need help to get the X to work on my Acer TravelMate 630 knchee NVIDIA Linux 16 09-19-02 10:16 PM

All times are GMT -5. The time now is 09:00 PM.

nV News - Archive - Top

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©1998 - 2013, nV News.