Page 1 of 1

Security Advisory for all clients

Posted: 19 May 2010, 10:29
by Toast
Well guys im back with another grim report on WHY its important to update your client. Some of my other security reports was about older older exploits so i thought it was high time to show off some new stuff thats effecting the net.

Type of attack: Remote
Information:This attack sends a faulty command that results in a crash
How we solved it: Applied the update of Openssl
"Record of death" vulnerability

Type of attack: Local/Remote
Information: This attack can crash DC++ and mods during transfer or when opening local filelist
How we solved it: Well we did it so the client generates a new filelist on the spot everytime someone grabs a filelist that way it cant be repleaced by a malicous filelist.
DC++ 0.75 and older vulnerable to bzip2 filelist bomb

And for the interesting part every operator that uses old clients that arent updated like CrzDC++ Zion++ etc etc. You guys know what im talking about YES YOU ARE EXPLOITABLE..
As for the standard complaint that i dont want a strong based client well consider this Zion++ > 2.03 is strong with minor modifcations on top of it.

CrzDC++ doubt it hasnt gotten StrongDC++ since it uses CMD so i doubt that operators will know the diffrence if they apply thier icon theme to the client if they are heavely into operator feature i recommend RSX++.

And as for all the new stuff that we are doing well if you wanna use em you have to update like Nattrav (Passive-Passive) connections. So make sure your client bases of a fresh core....

Re: Security Advisory for all clients

Posted: 19 May 2010, 17:11
by Dj_Offset
Type of attack: Local/Remote
Information: This attack can crash DC++ and mods during transfer or when opening local filelist
How we solved it: Well we did it so the client generates a new filelist on the spot everytime someone grabs a filelist that way it cant be repleaced by a malicous filelist.
DC++ 0.75 and older vulnerable to bzip2 filelist bomb
If this description is accurate, then this isn't a fix for the problem!

Re: Security Advisory for all clients

Posted: 19 May 2010, 22:51
by Toast
kinda forgot in all haste since im working now that it also discards invalid xml and we have size checks for the filelists so a bzip bomb becomes useless so yeah its fixed.

just forgot to add it but thx for noticing my mistake in the article kinda wrote it on the fly