Security Advisory for all clients

Post by Toast » 19 May 2010, 10:29

Well guys, I'm back with another grim report on WHY it's important to update your client. Some of my other security reports were about older exploits, so I thought it was high time to show off some new stuff that's affecting the net.

Type of attack: Remote
Information: This attack sends a faulty command that results in a crash
How we solved it: Applied the update of OpenSSL
"Record of death" vulnerability

Type of attack: Local/Remote
Information: This attack can crash DC++ and mods during transfer or when opening local filelist
How we solved it: Well, we did it so the client generates a new filelist on the spot every time someone grabs a filelist; that way it can't be replaced by a malicious filelist.
DC++ 0.75 and older vulnerable to bzip2 filelist bomb

And for the interesting part: every operator that uses old clients that aren't updated, like CrzDC++, Zion++, etc. You guys know what I'm talking about. YES, YOU ARE EXPLOITABLE.
As for the standard complaint that "I don't want a strong-based client", well, consider this: Zion++ > 2.03 is strong with minor modifications on top of it.

CrzDC++, doubt it hasn't gotten StrongDC++ since it uses CMD, so I doubt that operators will know the difference if they apply their icon theme to the client. If they are heavily into operator features, I recommend RSX++.

And as for all the new stuff that we are doing, well, if you wanna use 'em you have to update, like Nattrav (Passive-Passive) connections. So make sure your client bases off a fresh core....

Re: Security Advisory for all clients

Post by Dj_Offset » 19 May 2010, 17:11

Type of attack: Local/Remote
Information: This attack can crash DC++ and mods during transfer or when opening local filelist
How we solved it: Well, we did it so the client generates a new filelist on the spot every time someone grabs a filelist; that way it can't be replaced by a malicious filelist.
DC++ 0.75 and older vulnerable to bzip2 filelist bomb

If this description is accurate, then this isn't a fix for the problem!

Re: Security Advisory for all clients

Post by Toast » 19 May 2010, 22:51

Kinda forgot in all haste, since I'm working now, that it also discards invalid XML and we have size checks for the filelists, so a bzip bomb becomes useless, so yeah, it's fixed.

Just forgot to add it, but thx for noticing my mistake in the article; kinda wrote it on the fly.
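
The size check and invalid-XML rejection mentioned in the last reply, sketched as an added example (it is not DC++ code and not from the thread): bzip2 output is pulled in bounded pieces, so an oversized list is dropped before it is ever fully expanded. `load_filelist`, `FilelistRejected`, the 1 MiB cap and the sample listings are assumptions made for illustration.

```python
import bz2
import xml.etree.ElementTree as ET

MAX_FILELIST_BYTES = 1024 * 1024   # assumed cap for this example, not DC++'s value
STEP = 64 * 1024                   # most output accepted per decompress() call


class FilelistRejected(Exception):
    """Oversized, truncated, corrupt or non-XML filelist."""


def load_filelist(compressed, limit=MAX_FILELIST_BYTES):
    """Return the parsed XML root, or raise FilelistRejected.

    Output is pulled in STEP-sized pieces, so a bomb is abandoned as soon as
    it exceeds `limit` instead of being expanded in memory first.
    """
    decomp = bz2.BZ2Decompressor()
    out = bytearray()
    pending = compressed
    while not decomp.eof:
        # Allow one byte more than the remaining room so overflow is detectable.
        room = min(STEP, limit - len(out) + 1)
        try:
            piece = decomp.decompress(pending, max_length=room)
        except OSError as exc:          # corrupt or non-bzip2 input
            raise FilelistRejected("bad bzip2 data") from exc
        pending = b""                   # unread input stays buffered in decomp
        out += piece
        if len(out) > limit:
            raise FilelistRejected("decompressed size exceeds %d bytes" % limit)
        if not piece and not decomp.eof:
            raise FilelistRejected("truncated bzip2 stream")
    try:
        # Only size-bounded data reaches the XML parser.
        return ET.fromstring(bytes(out))
    except ET.ParseError as exc:
        raise FilelistRejected("invalid XML") from exc


if __name__ == "__main__":
    # Constructed samples: a tiny listing and 8 MiB of zeros as a stand-in bomb.
    good = bz2.compress(b'<FileListing><File Name="a.txt" Size="1"/></FileListing>')
    bomb = bz2.compress(b"\0" * (8 * 1024 * 1024))
    print(load_filelist(good).tag)
    try:
        load_filelist(bomb)
    except FilelistRejected as err:
        print("rejected:", err)
```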
