Home page logo
/

bugtraq logo Bugtraq mailing list archives

Vulnerable: Conference Room Professional-Developer Edititon.
From: Murat - 2 <murat () agguvenligi com>
Date: Wed, 10 Jan 2001 15:18:52 +0200

Vulnerable: Conference Room Professional-Developer Edititon. (www.webmaster.com)
Only tested on Windows NT 4.0 sp6a and Windows 2000 pro.

Conference Room 1.8.1x or older versions are subject to a DoS attack when
following commands are used.

Make to connections to the irc server second being the clone of other. On
second connection (clone)
type "/ns buddy on".
on first connection type "/ns buddy add <clone client nickname>".
on clone type "/ns auth accept 1"
and the services crashes.
Since conference room saves databases at 15min intervals, everything done in
this period will be deleted.
Services cannot connect automatically to the server.
Only a "/servstart" issued by an ircop or admin will return the services to
normal functionality and connect to server.
------------------------------------------------------------------------------------
If your irc server using Conference Room 1.8.2x
"/ns buddy on" can't run, cuz professional edt. can't support "buddy" command.
Register it one channel, and type it commands "/ns set authorize chanlists on",
"/cs aop <#ChannelName> add <NickName>", "/ns auth accept 1".
and the services crashes.
Since conference room saves databases at 15min intervals, everything done in
this period will be deleted.
Services cannot connect automatically to the server.
Only a "/servstart" issued by an ircop or admin will return the services to
normal functionality and connect to server.

This vulnerability does not work on Conference Room Enterprise Edition.


www.agguvenligi.com

Attachment: ACCOUNT.VCF
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]