Security Advisory for all clients

Post by Toast » 19 May 2010, 10:29

Well guys, I'm back with another grim report on WHY it's important to update your client. Some of my other security reports were about older exploits, so I thought it was high time to show off some new stuff that's affecting the net.

Type of attack: Remote
Information: This attack sends a faulty command that results in a crash
How we solved it: Applied the update of OpenSSL
"Record of death" vulnerability

Type of attack: Local/Remote
Information: This attack can crash DC++ and mods during transfer or when opening local filelist
How we solved it: Well, we did it so the client generates a new filelist on the spot every time someone grabs a filelist, that way it can't be replaced by a malicious filelist.
DC++ 0.75 and older vulnerable to bzip2 filelist bomb

And for the interesting part: every operator that uses old clients that aren't updated, like CrzDC++, Zion++ etc. etc. You guys know what I'm talking about. YES, YOU ARE EXPLOITABLE.
As for the standard complaint that "I don't want a Strong-based client", well, consider this: Zion++ > 2.03 is Strong with minor modifications on top of it.

CrzDC++, doubt it hasn't gotten StrongDC++ since it uses CMD, so I doubt that operators will know the difference if they apply their icon theme to the client. If they are heavily into operator features I recommend RSX++.

And as for all the new stuff that we are doing, well, if you wanna use 'em you have to update, like Nattrav (Passive-Passive) connections. So make sure your client is based off a fresh core....

Re: Security Advisory for all clients

Post by Dj_Offset » 19 May 2010, 17:11

> Type of attack: Local/Remote
> Information: This attack can crash DC++ and mods during transfer or when opening local filelist
> How we solved it: Well, we did it so the client generates a new filelist on the spot every time someone grabs a filelist, that way it can't be replaced by a malicious filelist.
> DC++ 0.75 and older vulnerable to bzip2 filelist bomb

If this description is accurate, then this isn't a fix for the problem!

Re: Security Advisory for all clients

Post by Toast » 19 May 2010, 22:51

Kinda forgot in all haste, since I'm working now, that it also discards invalid XML and we have size checks for the filelists, so a bzip bomb becomes useless, so yeah, it's fixed.

Just forgot to add it, but thx for noticing my mistake in the article, kinda wrote it on the fly.
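
The two checks named in the last post (a size check on the filelist and discarding invalid XML), shown as an added Python example that is not part of the thread and is not DC++ or any client's code. The 16 MiB cap, the function and exception names, and the sample filelists are assumptions made for illustration; `FileListing` is the root element of a DC++ filelist.

```python
import bz2
import xml.etree.ElementTree as ET

MAX_FILELIST_BYTES = 16 * 1024 * 1024  # assumed cap for this example, not DC++'s value
CHUNK = 64 * 1024                      # output produced per decompress() call

class FilelistRejected(Exception):
    """The received filelist failed the size or XML checks and is discarded."""

def load_filelist(compressed: bytes, limit: int = MAX_FILELIST_BYTES) -> ET.Element:
    decomp = bz2.BZ2Decompressor()
    out = bytearray()
    data = compressed
    try:
        while not decomp.eof:
            # max_length bounds each call, so memory never grows past limit + CHUNK
            chunk = decomp.decompress(data, max_length=CHUNK)
            data = b""  # remaining input is buffered inside the decompressor
            if not chunk and not decomp.eof:
                raise FilelistRejected("truncated bzip2 stream")
            out += chunk
            if len(out) > limit:
                raise FilelistRejected("decompressed size exceeds limit")
    except OSError as exc:  # raised by bz2 on a corrupt stream
        raise FilelistRejected(f"invalid bzip2 data: {exc}") from exc
    if b"<!DOCTYPE" in out:
        # A DTD would let entity expansion inflate the list again inside the parser
        raise FilelistRejected("DTD not allowed in filelist")
    try:
        root = ET.fromstring(bytes(out))
    except ET.ParseError as exc:
        raise FilelistRejected(f"invalid XML: {exc}") from exc
    if root.tag != "FileListing":
        raise FilelistRejected("unexpected root element")
    return root

# Constructed sample inputs: a tiny valid list and a highly compressible oversized one
GOOD = bz2.compress(b'<FileListing Version="1" Base="/"><Directory Name="docs">'
                    b'<File Name="a.txt" Size="12"/></Directory></FileListing>')
BOMB = bz2.compress(b"<FileListing>" + b"A" * (4 * 1024 * 1024) + b"</FileListing>")

if __name__ == "__main__":
    print(load_filelist(GOOD).find("Directory").get("Name"))
    try:
        load_filelist(BOMB, limit=1024 * 1024)
    except FilelistRejected as exc:
        print("rejected:", exc)
```

The cap is enforced while decompressing rather than after, so an oversized list is dropped before it is ever held in memory in full.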