RE: mirc32 6.0x crash when resolving dns.

From: Christopher Canova (tekassist_at_earthlink.net)
Date: 05/28/03

  • Next message: at4r ins4n3: "Re: mirc32 6.0x crash when resolving dns."
    To: <at4r@3wdesign.es>
    Date: Tue, 27 May 2003 17:07:57 -0700
    
    

    Same here, WinXP, mIRC v6.03, no mIRC crashing. That's not a typical mIRC
    response. Are you sure you haven't an invalid hex'd mIRC such as ircN or
    anything? If so, mIRC cannot guarantee the robustness of your executable. If
    you have any strange errors, try going to a help channel like #mIRCHelp on
    Efnet or a channel like #dmsetup if you believe you have a virus (I moderate
    in both channels). If you have an invalid mIRC executable, try reinstalling
    mIRC and not ircN (or whatever).

    cc
    casnova on EFNet IRC network

    -----Original Message-----
    From: Davide Del Vecchio [mailto:dante@alighieri.org]
    Sent: Tuesday, May 27, 2003 2:58 PM
    To: at4r@3wdesign.es
    Cc: vuln-dev@securityfocus.com
    Subject: Re: mirc32 6.0x crash when resolving dns.

    Hi Andres,

    here Windows 98 B, mIRC v6.03 nothing happens when trying to resolve that ip.

    [23:57] * Looking up 210.193.16.22
     -
    [23:57] * Looking up 210.193.16.23
     -
    [23:57] * Looking up 210.193.16.24
     -
    [23:57] * Looking up 210.193.16.25
     -
    [23:57] * Unable to resolve 210.193.16.22
     -
    [23:57] * Looking up 210.193.16.26
     -
    [23:57] * Unable to resolve 210.193.16.23
     -
    [23:57] * Unable to resolve 210.193.16.24
     -
    [23:57] * Unable to resolve 210.193.16.25
     -
    [23:57] * Unable to resolve 210.193.16.26
     -

    Davide Del Vecchio, Dante Alighieri dante@alighieri.org ~ www.alighieri.org

    aT4r InsaN3 writes:

    > While checking yesterday my snort database I found some attacks from the
    > host 210.193.16.22 so I began to resolve the dns from the hosts with
    > mirc32 and I executed the following commands in the status window:
    >
    > /dns 210.193.16.22
    > /dns 210.193.16.23
    > /dns 210.193.16.24
    > * Looking up 210.193.16.22
    > * Looking up 210.193.16.23
    > * Looking up 210.193.16.24
    > * Unable to resolve 210.193.16.22
    > /dns 210.193.16.25
    > * Looking up 210.193.16.25
    > * Unable to resolve 210.193.16.23
    > (** MIRC CRASH**)
    >
    > Every time I tried to resolve a few IPs mirc32 dies. The problem seems to
    > be in the WSAAsyncGetHostByName() call.
    > I have tested this feature in both mirc 6.01 and 6.03 on different
    > computers. OS: winxp
    > I can't give much information about how to reproduce it, just try to
    > resolve some dns like the example.
    > There are some mirc scripts that resolve dns after some events like CTCPs,
    > so maybe this bug can be used remotely as a Denial of Service.
    >
    > Windbg:
    > 0:004> g
    > ModLoad: 76ee0000 76f05000 C:\WINDOWS\System32\DNSAPI.dll
    > ModLoad: 76f70000 76f77000 C:\WINDOWS\System32\winrnr.dll
    > ModLoad: 76f20000 76f4d000 C:\WINDOWS\system32\WLDAP32.dll
    > ModLoad: 76f80000 76f85000 C:\WINDOWS\System32\rasadhlp.dll
    > (794.788): Access violation - code c0000005 (first chance)
    > First chance exceptions are reported before any exception handling.
    > This exception may be expected and handled.
    > eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830 edi=71a42268
    > eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0 nv up ei pl nz na pe nc
    > cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010202
    > *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\WS2_32.dll -
    > WS2_32!WSAAsyncGetHostByName+407:
    > 71a38d72 8a10 mov dl,[eax] ds:0023:00000000=??
    >
    > regards
    >
    > Andres Tarascó Acuña
    > 3W Design Security - 2003
    >
     


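A triage helper for the debugger output quoted in this thread, added here as an example (not code from any of the posters or from mIRC): it parses the WinDbg record and reports the access type, the faulting address, and whether the frame name rests on export symbols only. The function name `triage`, its result keys, and the `LOW_64K` threshold are assumptions of this example.

```python
import re

# Debugger text quoted in the thread above, one record per line.
WINDBG = r"""
(794.788): Access violation - code c0000005 (first chance)
eax=00000000 ebx=005ea830 ecx=00000001 edx=71a42268 esi=005ea830 edi=71a42268
eip=71a38d72 esp=01a8ff34 ebp=01a8ff5c iopl=0 nv up ei pl nz na pe nc
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\WS2_32.dll -
WS2_32!WSAAsyncGetHostByName+407:
71a38d72 8a10 mov dl,[eax] ds:0023:00000000=??
"""

LOW_64K = 0x10000  # assumption: addresses below this are normally unmapped

INSN = re.compile(r"^([0-9a-f]{8}) [0-9a-f]+\s+(\w+)\s+([^,\s]+),(\S+)"
                  r"\s+\w\w:[0-9a-f]{4}:([0-9a-f]{8})=(\S+)", re.M)

def triage(text):
    """Summarise one x86 WinDbg access-violation record for a crash ticket."""
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(e[a-z]{2})=([0-9a-f]{8})\b", text)}
    code = re.search(r"Access violation - code ([0-9a-f]{8})", text)
    frame = re.search(r"^(\S+!\w+)\+([0-9a-f]+):", text, re.M)
    insn = INSN.search(text)
    if not (regs and code and frame and insn):
        raise ValueError("no complete access-violation record found")
    eip, mnemonic, dst, src, ea, value = insn.groups()
    # Two-operand form only: a bracketed destination is treated as a store
    # (true for mov; cmp/test would need a special case), otherwise a load.
    mem, access = (dst, "write") if dst.startswith("[") else (src, "read")
    if not mem.startswith("["):
        raise ValueError("faulting instruction has no memory operand")
    return {
        "exception": int(code.group(1), 16),
        "frame": frame.group(1),
        "offset": int(frame.group(2), 16),
        # Export-only symbols give the nearest exported name, so a large
        # offset means the fault may sit in a different, unexported routine.
        "export_symbols_only": "Defaulted to export symbols" in text,
        "instruction": f"{mnemonic} {dst},{src}",
        "eip_matches": regs.get("eip") == int(eip, 16),
        "access": access,
        "address": int(ea, 16),
        "null_page": int(ea, 16) < LOW_64K,
        "unmapped": value.startswith("??"),
        # Registers used to form the address, with their values at the fault.
        "pointer_regs": {r: regs[r] for r in re.findall(r"e[a-z]{2}", mem)},
    }
```

For the record in this thread the summary is a read through `eax` at address 0, with the frame name resolved from export symbols only at offset 0x407.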