New exploit on mIRC 6.12
摘要:最近mIRC的溢出漏洞频频,我们泡IRC玩的也开始心惊胆战起来.此次的溢出漏洞出现在DCC上,当一个用户以最小化形式接收文件并且文件名的长度过大时,系统就会被挂起.不过这个漏洞也比较有趣,如果你设置"拒绝接收文件"或者"总是自动接收文件",那么"Nothing happens".
以下是原版的解决方案:
If and only if you think the above affects you, then here is a temporary fix which should be pasted in your "remotes" section (alt-r to access). It basically rejects any excessively long filename.
ctcp *:dcc send:*: if ($len($nopath($filename)) >= 225) { echo 4 -s $nick tried to crash you with an illegal dcc send of $nopath($filename) | halt }
or this shorter version without the warning message:
ctcp *:dcc send:*: if ($len($nopath($filename)) >= 225) halt
If you are not comfortable with modifying your remotes, you can just ignore all incoming DCC sends with the following, which is the same temporary fix as for the other bug described in the next section:
/ignore -wd *
If and only if you think the above affects you, then here is a temporary fix which should be pasted in your "remotes" section (alt-r to access). It basically rejects any excessively long filename.
ctcp *:dcc send:*: if ($len($nopath($filename)) >= 225) { echo 4 -s $nick tried to crash you with an illegal dcc send of $nopath($filename) | halt }
or this shorter version without the warning message:
ctcp *:dcc send:*: if ($len($nopath($filename)) >= 225) halt
If you are not comfortable with modifying your remotes, you can just ignore all incoming DCC sends with the following, which is the same temporary fix as for the other bug described in the next section:
/ignore -wd *
热门评论
>>共有0条评论,显示0条