Lois & Clark Fanfic Message Boards
#228234 10/13/03 05:37 AM
Joined: Apr 2003
Posts: 3,644
Pulitzer
OP Offline
copied from an email that some of you have seen

If you do not use mIRC 6.x this does not apply to you. Users of mIRC 5.x or older, and users of IRC clients other than mIRC 6.x need not worry about this.

I first quote from a notice just sent by an IRC operator as part of a series of announcements sent out early this morning:

!cavf! $ Starting Oct 12, 2003, an exploit was used to crash many people's mIRC clients. All versions from 6.0 thru the recently released 6.11 are affected. (It does not appear to affect version 5.91 or earlier.) The exploit involves a type of DCC command which can be sent to any person or channel, no matter what your DCC options are.

Then from an older message from the same IRC op:

!cavf! $ mIRC users, there is a DCC-exploit in your 6.x clients, which may cause your mIRC crashed. Till more information released, we *strongly* recommend you to /ignore -wd * (ignoring all the dccs) -- more information will be released soon. @ www.undernet.org

MY CONCERN: Obviously a mIRC crash is annoying, but if this is what they call a "buffer overflow" attack, it is possible that someone might ultimately figure out how to use this mIRC vulnerability to gain control of computers running mIRC 6.x. I have NO proof that this might happen as of yet, but I'm sounding the alarm because usually this kind of report springs from a buffer overflow issue.

I am trying to get to the News page at

http://www.undernet.org

but it appears to be so swamped with requests that it can't answer me yet. (As I wrote this message, it went from inaccessible at all to "Can't connect to the database server")

I figure by the time many of you see this, there might be either a remedy or an announcement about it in the message-of-the-day (motd) file that is usually displayed as one connects to an IRC server (unless you turn it off). I also predict an announcement will soon appear at www.undernet.org, on the main page or the news page.

But I advise, based on what I've seen, that everyone type this on starting mIRC until further notice, unless otherwise directed by an IRC operator or a message in one of the aforementioned places:

/ignore -wd *

NOTE: I am getting this command from the IRC operators that have suggested it; I don't know mIRC and so can't explain the command. :p I believe it will prevent you from receiving DCCs of any kind though, which will protect you from this vulnerability.

Again, don't worry about all this if your mIRC is older than 6, or if you use something other than mIRC. Also check www.undernet.org and/or the message from your IRC server when you connect to see if all this is obsolete by the time you get it.

Take care all...

--
Doug Lee dgl@dlee.org http://www.dlee.org
Bartimaeus Group doug@bartsite.com http://www.bartsite.com
"Is your cucumber bitter? Throw it away. Are there briars in your path? Turn aside. That is enough. Do not go on to say, `Why were things of this sort ever brought into the world?'"
--Marcus Aurelius


"You told me you weren't like other men," she said, shaking her head at him when the storm of laughter had passed.
He grinned at her - a goofy, Clark Kent kind of a grin. "I have a gift for understatement."
"You can say that again," she told him.
"I have a...."
"Oh, shut up."

--Stardust, Caroline K
Joined: Apr 2003
Posts: 3,644
Pulitzer
OP Offline
And the programmers at mIRC have now released a new version that closes up that vulnerability :)

www.mirc.com

Look for version 6.12.

PJ



Moderated by  Darth Michael 
