[NT] Windows Version of Pirch and RusPirch NICK AUX Attack (DoS)

From: support@securiteam.com
Date: 10/17/02


From: support@securiteam.com
To: list@securiteam.com
Date: 17 Oct 2002 01:07:49 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Windows Version of Pirch and RusPirch NICK AUX Attack (DoS)
------------------------------------------------------------------------

SUMMARY

Pirch is an IRC client for Microsoft Windows. RusPirch is its Russian
clone. If the auto-log function for queries is on, an attacker can change
his nick to "aux" and send a query to the victim. This causes a DoS of the
client, because all queries are saved to files named <nick>.txt, and AUX
is a reserved name that cannot be used as a file name under the Windows
operating system.

DETAILS

Exploit:
/nick aux
/query victim Hi! What a nice client have you got?!

Solution:
Disable the auto-log feature.
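
Added example (not part of the original advisory and not Pirch's code): one way an IRC client could derive query-log file names from remote-controlled nicks without ever producing a reserved Windows device name. The function name log_filename and the "%" escaping scheme are assumptions made for this illustration; it goes beyond AUX to the other classic device names and to characters that IRC nicks allow but Windows file names do not.

```python
import re

# Classic reserved DOS device names on Windows. They stay reserved even
# with an extension, which is why "aux.txt" cannot be opened as a file.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}

# Characters Windows forbids in file names, plus control characters.
# IRC nicks may legitimately contain "|" and "\", so these do occur.
FORBIDDEN = re.compile(r'[<>:"/\\|?*\x00-\x1f]')


def log_filename(nick: str) -> str:
    """Map an untrusted IRC nick to a log file name that is safe on Windows."""
    # Escape forbidden characters as %XX instead of dropping them, so that
    # different nicks do not silently collapse onto the same file.
    safe = FORBIDDEN.sub(lambda m: f"%{ord(m.group()):02X}", nick)

    # Windows ignores trailing dots and spaces, so "aux." would still
    # resolve to the device; strip them before checking.
    safe = safe.rstrip(". ")

    # The part before the first dot is what is matched against device
    # names, case-insensitively.
    stem = safe.split(".", 1)[0].rstrip(" ")

    # Prefix with "%" (assumed not to be a valid nick character) so the
    # escaped name cannot clash with another user's real nick.
    if not safe or stem.upper() in RESERVED:
        safe = "%" + safe

    return safe + ".txt"


if __name__ == "__main__":
    # Constructed sample nicks, including the one from the advisory.
    for nick in ("j0k3r", "aux", "AUX", "com1", "auxiliary", "a|b"):
        print(f"{nick!r:14} -> {log_filename(nick)}")
```
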

ADDITIONAL INFORMATION

The information has been provided by j0k3r <j0k3r@mail.ru>.
