Re: mirc32 6.0x crash when resolving dns.
From: Davide Del Vecchio (dante_at_alighieri.org)
Date: 05/27/03
- Previous message: aT4r InsaN3: "mirc32 6.0x crash when resolving dns."
- In reply to: aT4r InsaN3: "mirc32 6.0x crash when resolving dns."
- Next in thread: Christopher Canova: "RE: mirc32 6.0x crash when resolving dns."
- Reply: Christopher Canova: "RE: mirc32 6.0x crash when resolving dns."
- Reply: 3APA3A: "Re[2]: mirc32 6.0x crash when resolving dns."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: at4r@3wdesign.es Date: Tue, 27 May 2003 23:57:45 +0200
Hi Andres,
here Windows 98 B, mIRC v6.03 nothin happens when tryin to resolve that ip.
[23:57] * Looking up 210.193.16.22
-
[23:57] * Looking up 210.193.16.23
-
[23:57] * Looking up 210.193.16.24
-
[23:57] * Looking up 210.193.16.25
-
[23:57] * Unable to resolve 210.193.16.22
-
[23:57] * Looking up 210.193.16.26
-
[23:57] * Unable to resolve 210.193.16.23
-
[23:57] * Unable to resolve 210.193.16.24
-
[23:57] * Unable to resolve 210.193.16.25
-
[23:57] * Unable to resolve 210.193.16.26
-
Davide Del Vecchio, Dante Alighieri dante@alighieri.org ~ www.alighieri.org
aT4r InsaN3 Scrive:
> While checking yesterday my snort database i found some attacks from the
> host 210.193.16.22 so i began to resolve the dns from the hosts with
> mirc32 and i executed the following commands in the status window:
>
> /dns 210.193.16.22
> /dns 210.193.16.23
> /dns 210.193.16.24
> * Looking up 210.193.16.22
> * Looking up 210.193.16.23
> * Looking up 210.193.16.24
> * Unable to resolve 210.193.16.22
> /dns 210.193.16.25
> * Looking up 210.193.16.25
> * Unable to resolve 210.193.16.23
> (** MIRC CRASH**)
>
> every time i tried to resolve a few ips mirc32 dies. the problem seems to
> be in the WSAAsyncGetHostByName() call.
> i have tested this feature in both mirc 6.01 and 6.03 in diferent
> computers. SO: winxp
> I cant give too many information about how to reproduce it, just try to
> resolve some dns like the example.
> there are some mirc scripts that resolve dns after some events like ctcps
> , so maybe this bug can be used remotely as a Denial of Service.
>
> Windbg:
> 0:004> g
> ModLoad: 76ee0000 76f05000 C:\WINDOWS\System32\DNSAPI.dll
> ModLoad: 76f70000 76f77000 C:\WINDOWS\System32\winrnr.dll
> ModLoad: 76f20000 76f4d000 C:\WINDOWS\system32\WLDAP32.dll
> ModLoad: 76f80000 76f85000 C:\WINDOWS\System32\rasadhlp.dll
> (794.788): Access violation - code c0000005 (first chance)
> First chance exceptions are reported before any exception handling.
> This exception may be expected and handled.
> eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830
> edi=71a42268
> eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0 nv up ei pl nz na pe
> nc
> cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
> efl=00010202
> *** ERROR: Symbol file could not be found. Defaulted to export symbols
> for C:\WINDOWS\System32\WS2_32.dll -
> WS2_32!WSAAsyncGetHostByName+407:
> 71a38d72 8a10 mov dl,[eax]
> ds:0023:00000000=??
>
> regards
>
> Andres Tarascó Acuña
> 3W Design Security - 2003
>
> _________________________________________________________________
> MSN Compras: Veinte tiendas personales abiertas todo el día.
> http://www.msn.es/compras/
>
- Previous message: aT4r InsaN3: "mirc32 6.0x crash when resolving dns."
- In reply to: aT4r InsaN3: "mirc32 6.0x crash when resolving dns."
- Next in thread: Christopher Canova: "RE: mirc32 6.0x crash when resolving dns."
- Reply: Christopher Canova: "RE: mirc32 6.0x crash when resolving dns."
- Reply: 3APA3A: "Re[2]: mirc32 6.0x crash when resolving dns."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
