mIRC 6.14 Exploit: How true is this?

al5001 · Lurker Joined: 17 Jul 2003 Posts: 181 Location: Canada

If you want to be free of exploits and bugs, open up your PC, remove all storage devices and throw them all away (hard drives, CD-RW drives, ZIP and tape drives, etc).

All operating systems and their programs have bugs. People seem to ignore the fact that XChat has bugs, and therefore complain about mIRC having a few minor problems. On mIRC, users can easily avoid DCC exploits by simply ignoring DCC sends from *!*@* hostname, then add an exception ignore for their friends who wish to send them files.

As of mIRC 6.12, the remote DCC exploit has been FIXED, so stop being so paranoid! On mIRC 6.12 however, if you are being sent a file with a name longer than 224 characters, if you minimize the DCC transfer window, mIRC will crash. This is the only known DCC exploit on mIRC 6.12 and I believe it may have been fixed in mIRC 6.14. Simple solution: Don't accept files from people you don't know.

uchat · Idler Joined: 17 Mar 2004 Posts: 335

Funny you should mention Xchat, since 2.0.6 had the same exploit as mIRC 6.x ... Go figure.

mIRC 6.12 users can add this to their remotes and forget about it:

ctcp *:dcc send:*: if ($len($nopath($filename)) >= 225) { notice $nick Maximum length of file name I accept is 224, thanks. } | halt

Asmo · none Joined: 06 May 2003 Posts: 28

As all the recent posters seems to either drift away from the original topic, or clearly havent read the whole topic, or the (updated) article on IRCJunkie, I'll stop watching this thread now.

Pl4n37 · Guest

I got the same thing as the guy who got disconnected.... anyone know how to stop it from disconnecting irc... I had irc running on 3 computers and all disconnect at the same time:S, I'm thinking this has to be a exploit

uchat · Idler Joined: 17 Mar 2004 Posts: 335

Not all disconnects are exploits. If you have 3 PC's and they all disconnect at the same time .. that would seem more like an issue with your connection to the internet ... not an exploit.

Mentality · none Joined: 12 Apr 2004 Posts: 6

Heh.

To actually post something related to the 'exploit', I had said all along I was sure it wasn't real. Codemastr: You would have found Tjerk posted a link to a thread and said that everything I said is all he has to say about the issue too. Someone quoted what I said somewhere at the start of this thread, although as the whole thing unravelled I said more.

Tjerk spent a couple hours going around the #mIRC channels on various networks (Quakenet's #mIRC being particularly stubborn I noticed) telling people it was not confirmed and there was no proof.

I agree however, notices could have been put on the website. Then again, I think the mIRC team were aiming to not make a big thing of it (as should have the biggest 5 networks in such short a time). Khaled has now, as I'm sure you have noticed, made a sticky post in the bugs report forum:

http://trout.snt.utwente.nl/ubbthreads/showflat.php?Cat=&Board=bugreports&Number=80619

My 2 (late) cents.

Regards,

Mentality/Chris

magpie · Idler Joined: 18 Jan 2004 Posts: 454 Location: Essex, UK

Mentality · none Joined: 12 Apr 2004 Posts: 6

By Quakenet being dug at "again" I assume you mean in general from these Forums rather than from me directly, as I have not posted anything about Quakenet.

I've also heard this argument about how networks quickly reacted to the situation etc, however, I'm sure there are accusations similar to the 6.14 exploit on a monthly basis, and we don't see the same mad reaction. Probably was impossible for the original IRC network who reported the matter (don't know which one it was), to thoroughly investigate (in hine sight), but I think following networks were just that - following.
In fact, to the best of my knowledge, until the mIRC site officially announced the exploit, or at least until it was properly confirmed, the real 6.x exploit was not made a big thing of. When it was still in testing stages it didn't get so much attention. I didn't see or hear about Global network announcements about the real exploit either, nor see website announcements until the actual release of the fixed mIRC version.

I'm sure networks were being precautious and that is perfectly understandable, but someone always gets blamed for something heh - if it's not the wonderful, thoughful IRC networks, it's the mIRC team for not dealing with the problem correctly, and vice versa.

It was a big mix up blown out of proportion too quickly.

*Big shrug*

Regards,

Mentality/Chris

Extreemuk · Guest

Actually, this exploit was real! Smile

codemastr · Idler Joined: 05 Feb 2004 Posts: 353

Actually, it wasn't!

The problem was a bug in a script, NOT mIRC. This is why people say don't run scripts written by other people.