Vulnerability Development mailing list archives
RE: mirc32 6.0x crash when resolving dns.
From: "Christopher Canova" <tekassist () earthlink net>
Date: Tue, 27 May 2003 17:07:57 -0700
Same here, WinXP, mIRC v6.03, no mIRC crashing..

That's not a typical mIRC response. Are you sure you haven't an invalid hex'd mIRC such as ircN or anything? If so, mIRC cannot guarantee the robustness of your executable. If you have any strange errors, try going to a help channel like #mIRCHelp on Efnet or a channel like #dmsetup if you believe you have a virus (I moderate in both channels). If you have an invalid mIRC executable, try reinstalling mIRC and not ircN (or whatever).

cc
casnova on EFNet IRC network

-----Original Message-----
From: Davide Del Vecchio [mailto:dante () alighieri org]
Sent: Tuesday, May 27, 2003 2:58 PM
To: at4r () 3wdesign es
Cc: vuln-dev () securityfocus com
Subject: Re: mirc32 6.0x crash when resolving dns.

Hi Andres,

here Windows 98 B, mIRC v6.03 nothing happens when trying to resolve that ip.

[23:57] * Looking up 210.193.16.22
-
[23:57] * Looking up 210.193.16.23
-
[23:57] * Looking up 210.193.16.24
-
[23:57] * Looking up 210.193.16.25
-
[23:57] * Unable to resolve 210.193.16.22
-
[23:57] * Looking up 210.193.16.26
-
[23:57] * Unable to resolve 210.193.16.23
-
[23:57] * Unable to resolve 210.193.16.24
-
[23:57] * Unable to resolve 210.193.16.25
-
[23:57] * Unable to resolve 210.193.16.26
-

Davide Del Vecchio, Dante Alighieri
dante () alighieri org ~ www.alighieri.org

aT4r InsaN3 writes:

While checking yesterday my snort database I found some attacks from the host 210.193.16.22 so I began to resolve the dns from the hosts with mirc32 and I executed the following commands in the status window:

/dns 210.193.16.22
/dns 210.193.16.23
/dns 210.193.16.24
* Looking up 210.193.16.22
* Looking up 210.193.16.23
* Looking up 210.193.16.24
* Unable to resolve 210.193.16.22
/dns 210.193.16.25
* Looking up 210.193.16.25
* Unable to resolve 210.193.16.23
(** MIRC CRASH**)

Every time I tried to resolve a few ips mirc32 dies. The problem seems to be in the WSAAsyncGetHostByName() call. I have tested this feature in both mirc 6.01 and 6.03 in different computers.

OS: winxp

I can't give too much information about how to reproduce it, just try to resolve some dns like the example. There are some mirc scripts that resolve dns after some events like ctcps, so maybe this bug can be used remotely as a Denial of Service.

Windbg:

0:004> g
ModLoad: 76ee0000 76f05000 C:\WINDOWS\System32\DNSAPI.dll
ModLoad: 76f70000 76f77000 C:\WINDOWS\System32\winrnr.dll
ModLoad: 76f20000 76f4d000 C:\WINDOWS\system32\WLDAP32.dll
ModLoad: 76f80000 76f85000 C:\WINDOWS\System32\rasadhlp.dll
(794.788): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830 edi=71a42268
eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\WS2_32.dll -
WS2_32!WSAAsyncGetHostByName+407:
71a38d72 8a10 mov dl,[eax] ds:0023:00000000=??

regards
Andres Tarascó Acuña
3W Design Security - 2003
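A triage pass over the WinDbg output quoted in this thread, as an added example that is not part of any poster's message: it parses the register dump and the faulting instruction to confirm that the access violation is a read through a NULL `eax` at `WS2_32!WSAAsyncGetHostByName+407`. The function names and the 64 KB NULL-page threshold are assumptions of this example.

```python
import re

# Crash output copied from the thread above (whitespace normalized).
WINDBG_OUTPUT = """\
(794.788): Access violation - code c0000005 (first chance)
eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830 edi=71a42268
eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202
WS2_32!WSAAsyncGetHostByName+407:
71a38d72 8a10 mov dl,[eax] ds:0023:00000000=??
"""

# Assumption for this example: addresses below 64 KB are treated as the
# NULL page, which Windows keeps inaccessible in user mode by default.
NULL_PAGE_LIMIT = 0x10000

def parse_registers(text):
    """Return {'eax': 0, ...} from the 32-bit 'reg=hex' pairs of a register dump."""
    return {name: int(value, 16)
            for name, value in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}

def triage(text):
    """Summarize an x86 access violation from WinDbg output (Intel operand order)."""
    regs = parse_registers(text)
    code = re.search(r"code ([0-9a-f]{8})", text).group(1)
    symbol = re.search(r"^(\S+!\S+?):\s*$", text, re.M).group(1)
    addr, mnemonic, operands, target = re.search(
        r"^([0-9a-f]{8}) [0-9a-f]+ +(\w+) +(\S+) +\w\w:[0-9a-f]{4}:([0-9a-f]{8})=",
        text, re.M).groups()
    base = re.search(r"\[(\w+)", operands).group(1)   # register used as pointer
    # Destination is the first operand: brackets there mean a memory write.
    access = "write" if "[" in operands.split(",")[0] else "read"
    target = int(target, 16)
    return {
        "access_violation": code == "c0000005",       # STATUS_ACCESS_VIOLATION
        "fault_at_eip": int(addr, 16) == regs["eip"],
        "symbol": symbol,
        "instruction": f"{mnemonic} {operands}",
        "access": access,
        "base_register": base,
        "base_value": regs[base],
        "target": target,
        "null_page": target < NULL_PAGE_LIMIT,
    }

if __name__ == "__main__":
    for key, value in triage(WINDBG_OUTPUT).items():
        print(f"{key:17} {value}")
```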