DC++ 0.797 and 0.799 can be remotely crashed by posting multiple magnet links in one message
DC++  is a chat and file sharing application for the Direct Connect  network.
DC++ registers the URI scheme 'magnet'  in Microsoft Windows. A user may post a magnet link in the chat at it will appear for other users. This message is like any other chat message.
Security issue description
DC++ 0.797 and 0.799 change the way a magnet link appear, which cause a problem in the parsing engine when multiple messages were shown.
A magnet link is sent in the form of;
DC++ changes the appearance and display to the user;
Using multiple magnet links can cause DC++ 0.797 and 0.799 to be crashed remotely, without any other user interaction.
A test message can be in the form of;
Test: magnet:?xt=urn:treeH5K2DYQC7U2H6DVGRPLCSNC3MH2UXBDWIKAMFEY&xl=413253784&dn=foobar.iso magnet:?xt=urn:treeGNPE66SMDITMA6JXLWCTCRDSY7ALZXLJJWYKLAA&xl=3540652293&dn=foobar2.iso
This will appear as;
Test: foobar.iso (magnet) foobar2.iso (magnet)
A fix was deploy to the DC++ source code, to the Bazaar revision 3019. This fix is in DC++ 0.800.
Like the initial bug report  mentions, this has been found out in the open. However, any malicious intent is unknown.
DC++ 0.797 and 0.799. Any modifcations to the software may also have this issue.
Found by: Skip de Groot (https://launchpad.net/~skipdegroot)
Fixed by: poy (https://launchpad.net/~poy)
 http://en.wikipedia.org/wiki/Direct_Con ... e_sharing)
 http://dcpp.wordpress.com/2012/10/06/ma ... 785-0-799/
1 post • Page 1 of 1
- Site Admin
- Posts: 213
- Joined: 21 Jul 2009, 10:21
The following was submitted to http://www.securityfocus.com/archive/1