Vulnerability Development mailing list archives

Remote DoS Against A Given Chat Client With the !seen Service


From: crackedsecurity () hushmail com
Date: Thu, 11 Jul 2002 18:33:07 -0700

-----------------------------------------------------------------------
CRACKED Security Advisory - 00001
July 11, 2002
http://www.cracked.net
crackedsecurity () hushmail com
-----------------------------------------------------------------------

*Vulnerable Product(s)-
  Variety of automated IRC scripts providing the !seen service.
        -Various BitchX and mIRC scripts
        -Bots such as Eggdrop

*Vulnerability-
  Remote DoS Against A Given Chat Client With the !seen Service

*Severity-
  CRITICAL - POTENTIALLY DISRUPTS THE FLOW OF PIRATED SOFTWARE!!

-----------------------------------------------------------------------
Introduction
-----------------------------------------------------------------------
Many people who "IRC" use automated scripts when chatting on their
favorite IRC server. This advisory is most important for the ereet
warez hackers who populate massive channels to transfer their filez.
When exploiting the following vulnerability properly, it could distract
the warez hackers from leeching their goodz effectively for a given
amount of time.

The !seen service is a useful public service offered by many users of
various IRC networks. When someone in a given channel types !seen
[nickname], all of the people in that channel who have their service
enabled will respond to the request. This response usually looks
something like this:

Sorry, I don't remember seeing [nickname] around.

or...

Yes, I last saw [nickname] 12 hours 3 minutes ago with quit message
(bye).

The !seen service is most popular with mIRC users, and is used by many
in public juarez channels.

-----------------------------------------------------------------------
Vulnerability
-----------------------------------------------------------------------
The majority of !seen service scripts will continuously report until
you stop sending requests. When sending an extra large request multiple
times with multiple IRC clients, it is possible to flood every user off
of the given chat channel who is offering a !seen service.

CRACKED Security feels that this is a very serious issue for the juarez
community. Many warez chimps who play with fserves and such have the
!seen script turned on with their Polaris scriptz. The majority of
!seen scripts have no limit to the number of times you can send a !seen
request. In a large chat channel on IRC that consists mainly of young
kids with customized mIRC scripts (warez channels), launching a
repeating !seen request with multiple clients will cause many users to
Excess Flood from the network. This will also delay the spread of warez
for a couple minutes.

Make sure to check out our released exploit.
CRACKED_seen_DoS.ini

-----------------------------------------------------------------------
Patch
-----------------------------------------------------------------------
How to patch your mIRC client if you are running the !seen service.

1.) Click on Tools.
2.) Move your mouse down and click on Remotes.
3.) Click on Listen.
4.) Make sure Events is unchecked.
5.) All done. kthxbye

-----------------------------------------------------------------------
Misc.
-----------------------------------------------------------------------
Greetz:

khaled mardam-bey, panasync, dianora, msk, and all the rest of the
dedicated irc'ers out there.

Attachment: CRACKED_seen_DoS.ini
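
A reply throttle for a !seen responder, as an added example that is not part of the original advisory or of any script it names. It caps total replies with a token bucket so requests arriving from many clients cannot push the responder into Excess Flood, applies a per-requester cooldown, and ignores oversized arguments; the class name, limits and sample events are assumptions.

```python
import time

class SeenThrottle:
    """Decides whether a !seen request is answered. All limits are assumed values."""

    def __init__(self, burst=3, refill_per_sec=0.5, cooldown=10.0,
                 max_nick_len=30, clock=time.monotonic):
        self.burst, self.refill, self.cooldown = burst, refill_per_sec, cooldown
        self.max_nick_len, self.clock = max_nick_len, clock
        self.tokens = float(burst)      # global reply budget shared by all requesters
        self.last_refill = clock()
        self.last_reply = {}            # requester nick -> time of last answered request

    def allow(self, requester, message):
        parts = message.split()
        # Answer only "!seen <nick>" with a plausible nickname length.
        if len(parts) != 2 or parts[0].lower() != "!seen":
            return False
        if len(parts[1]) > self.max_nick_len:
            return False
        now = self.clock()
        # Refill the global bucket for the time elapsed, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last_refill) * self.refill)
        self.last_refill = now
        # Forget requesters whose cooldown has expired so the table stays small.
        self.last_reply = {n: t for n, t in self.last_reply.items()
                           if now - t < self.cooldown}
        if requester in self.last_reply or self.tokens < 1:
            return False                # stay silent rather than queue a reply
        self.tokens -= 1
        self.last_reply[requester] = now
        return True

def simulate(events, throttle, clock_box):
    """Replay constructed (time, nick, text) events; return those that get a reply."""
    answered = []
    for t, nick, text in events:
        clock_box[0] = t
        if throttle.allow(nick, text):
            answered.append((t, nick))
    return answered

if __name__ == "__main__":
    box = [0.0]
    th = SeenThrottle(clock=lambda: box[0])
    # Constructed sample: five nicks repeating !seen within two seconds.
    events = [(0.1 * i, f"nick{i % 5}", "!seen bob") for i in range(20)]
    print(simulate(events, th, box))
```

Dropping excess requests instead of queueing them is what keeps the responder's outbound rate bounded; a queue would only delay the flood.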