www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Nettalk fixes crash bug and releases 6.6.4

Nettalk, an open-source IRC client for Windows, has been updated to version 6.6.4.

The main reason for this update is a bug found in version 6.5.6 of the client: a crash that can be triggered remotely using CTCP messages.

Whenever the first character of a message is an ASCII 1, the client crashes. According to Ntalk author Mirici, the bug cannot be exploited to cause more harm than crashing the client, but he has released a fixed version.

Other reasons Nettalk users might want to upgrade are the “improved DCC function that is much faster compared to other clients” and the “improved and fixed handling of Chinese character handling using both UTF-8 and ASCII”.

Thanks go to Elmaron for the tip and Mirici for quickly fixing the bug!

UnrealIRCd updates their IRCd to 3.2.8.1

The UnrealIRCd project has released a bugfix for version 3.2.8; the current release is now 3.2.8.1.

The bugfix became necessary after a crash was found in the option allow::options::noident.

In a short interview, developer nate explains how the crash is triggered and how to avoid it:

There was an issue in allow::options::noident, where, if it was enabled in an allow block, a user could potentially crash a server due to a buffer overflow. As far as we’ve been able to see, there’s no risk of remote code execution as much as it just causing a segfault. The main ways of resolving it are updating to 3.2.8.1 or simply making sure no allow blocks specifically have noident (which most by default won’t thankfully).

It is vulnerable in past versions before 3.2.8 as well.

Asked how far back exactly, nate says the exploit exists “at least back towards 3.2.3 (before that we wouldn’t support anyways due to exploits way back then)”.
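For servers that cannot be updated right away, the workaround nate describes can be checked mechanically. The script below is an added example, not part of the original article or of the UnrealIRCd project's code: it reports the line of every allow block whose options include noident. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in UnrealIRCd 3.2 configuration syntax (not from the article).
SAMPLE_CONF = """\
/* constructed example */
allow {
    ip *@*;
    hostname *@*;
    class clients;
};
allow {
    ip *@192.0.2.*;
    hostname *@*.example.net;
    class clients;
    options {
        useip;
        noident;   # the option named in the article
    };
};
// allow { ip *@*; hostname *@*; class clients; options { noident; }; };
"""

# Quoted strings are matched first so a '#' or '//' inside one is not taken as a comment.
_SKIP = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def blank_comments_and_strings(text):
    """Overwrite comments and strings with spaces, keeping newlines for line numbers."""
    return _SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), text)

def allow_blocks_with_noident(conf_text):
    """Return 1-based line numbers of top-level allow blocks that set options { noident; }."""
    text = blank_comments_and_strings(conf_text)
    hits = []
    for m in re.finditer(r"\ballow\s*\{", text):
        before = text[:m.start()]
        if before.count("{") != before.count("}"):
            continue  # nested inside another block, not an allow block of its own
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the brace that closes this block
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        opts = re.search(r"\boptions\s*\{([^{}]*)\}", text[m.end():i])
        if opts and "noident" in re.findall(r"[\w-]+", opts.group(1)):
            hits.append(before.count("\n") + 1)
    return hits

if __name__ == "__main__":
    for line in allow_blocks_with_noident(SAMPLE_CONF):
        print(f"allow block at line {line} sets noident")
```

An empty result means no active allow block sets noident; commented-out blocks and `allow channel` blocks are ignored.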

Thanks for the tip go to Reed Loden, and to nate for taking the time to answer my questions!