Bugtraq mailing list archives

Re: DCC HiJacking patch for BitchX 75p1
From: rain () INSANE LOONYBIN NET (Ben Winslow)
Date: Mon, 21 Dec 1998 16:33:30 -0500


On Sun, 18 Oct 1998, Alessio Orlandi wrote:

# Hi all,
#    as recently discovered, with a simple port scan you can hijack some
# of the BitchX DCC connections. This is due to the port assignment on the
# requesting client. Here follows a really short patch that will fix the
# problem. The problem is here:
# BitchX, when it creates a DCC connection (listening socket), uses the
# function connect_by_number (defined in the network.c file), passing 0 as
# the port. This means that the OS will determine the port. Now.. for mental
# order.. the ports will be quite consecutive. Bad.. Bad... So.. let's add a
# random value to the port returned by the system. All is now fixed.
# Patch follows
# -----------------------------------------------------------------------------------------
#
# Regards
# Alessio "NaiL^d0d () ircnet/ircity" Orlandi
# Thanks to: hackers () ircity Litos (you one of my best friend), Nervous,
# awgn (hehe), Lordfelix (salam), Raptor, BlackJam, kasko, antirez
# and hackers.it () ircnet Soren, NaiF, Bonjo
# ----------------------------------------------------------------------------------------
#
#
#
This patch won't work-- what if a port you decide on is already in use by
something else?

        Ben
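
The objection above can be handled by letting bind() itself report the collision. The following is an added example, not code from this thread or from BitchX: it draws a random port and retries only when bind() fails with EADDRINUSE. The helper names, the port range and the use of /dev/urandom are assumptions, and lo <= hi is assumed.

```c
/* Added example, not BitchX code: helper names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Bind and listen on one TCP port; returns fd, or -1 with errno preserved. */
static int try_listen(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Draw ports from the kernel CSPRNG in [lo, hi] and let bind() decide whether
 * each is free. Only EADDRINUSE triggers another draw; other errors abort.
 * Returns the listening fd and stores the port in *chosen, or -1. */
int listen_random_port(unsigned short lo, unsigned short hi,
                       int max_tries, unsigned short *chosen)
{
    unsigned int span = (unsigned int)hi - lo + 1, r;
    int i, fd, rnd = open("/dev/urandom", O_RDONLY);
    if (rnd < 0)
        return -1;
    for (i = 0, fd = -1; i < max_tries; i++) {
        if (read(rnd, &r, sizeof r) != (ssize_t)sizeof r)
            break;
        *chosen = (unsigned short)(lo + r % span); /* bias is negligible here */
        fd = try_listen(*chosen);
        if (fd >= 0 || errno != EADDRINUSE)
            break;
    }
    close(rnd);
    return fd;
}
```

The port actually bound is the one to advertise in the DCC offer, since it may differ from the first draw.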


