Date:         Wed, 10 Jan 2001 15:18:52 +0200
From: Murat - 2 <murat@AGGUVENLIGI.COM>
Subject:      Vulnerable: Conference Room Professional-Developer Edition.
To: BUGTRAQ@SECURITYFOCUS.COM

Vulnerable: Conference Room Professional-Developer Edition. (www.webmaster.com)
Only tested on Windows NT 4.0 sp6a and Windows 2000 pro.

Conference Room 1.8.1x or older versions are subject to a DoS attack when
the following commands are used.

Make two connections to the IRC server, the second being a clone of the other.
On the second connection (clone) type "/ns buddy on".
On the first connection type "/ns buddy add <clone client nickname>".
On the clone type "/ns auth accept 1"
and the services crash.
Since conference room saves databases at 15min intervals, everything done in
this period will be deleted.
Services cannot connect automatically to the server.
Only a "/servstart" issued by an ircop or admin will return the services to
normal functionality and connect to server.
------------------------------------------------------------------------------------
If your IRC server is using Conference Room 1.8.2x,
"/ns buddy on" can't run, because the Professional edition can't support the "buddy" command.
Register one channel, and type the commands "/ns set authorize chanlists on",
"/cs aop <#ChannelName> add <NickName>", "/ns auth accept 1",
and the services crash.
Since conference room saves databases at 15min intervals, everything done in
this period will be deleted.
Services cannot connect automatically to the server.
Only a "/servstart" issued by an ircop or admin will return the services to
normal functionality and connect to server.

This vulnerability does not work on Conference Room Enterprise Edition.


www.agguvenligi.com
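
A defender-side check for the two command sequences described above, as an added example that is not part of the original post: it scans a services command log for a nick that enables buddy or chanlist authorization, is then named in a buddy or AOP add, and then issues "auth accept", all within 15 minutes. The log line format, the function name and the sample lines are constructed assumptions; the post does not show Conference Room's own log format.

```python
import re
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO time> <nick> <user@host> /<ns|cs> <args>"
LINE = re.compile(r"^(\S+) (\S+) (\S+) /(ns|cs) (.+)$")
WINDOW = timedelta(minutes=15)  # same length as the database save interval in the post

def find_sequences(lines):
    """Return (time, nick, host) for each 'auth accept' that completes a sequence."""
    armed = {}    # nick -> time it enabled buddy or chanlist authorization
    pending = {}  # nick -> time a buddy add or AOP add naming that nick was seen
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, nick, host, svc, args = m.groups()
        when = datetime.fromisoformat(ts)
        words = args.lower().split()
        key = nick.lower()
        if svc == "ns" and words in (["buddy", "on"],
                                     ["set", "authorize", "chanlists", "on"]):
            armed[key] = when
        elif svc == "ns" and words[:2] == ["buddy", "add"] and len(words) == 3:
            pending[words[2]] = when
        elif svc == "cs" and len(words) == 4 and words[0] == "aop" and words[2] == "add":
            pending[words[3]] = when
        elif svc == "ns" and words[:2] == ["auth", "accept"]:
            a, p = armed.get(key), pending.get(key)
            if a and p and when - a <= WINDOW and when - p <= WINDOW:
                hits.append((ts, nick, host))
                armed.pop(key, None)
                pending.pop(key, None)
    return hits

# Constructed sample lines (documentation addresses, made-up nicks).
SAMPLE = """\
2001-01-10T15:00:01 clone1 user@198.51.100.7 /ns buddy on
2001-01-10T15:00:09 first1 user@198.51.100.7 /ns buddy add clone1
2001-01-10T15:00:15 clone1 user@198.51.100.7 /ns auth accept 1
2001-01-10T15:20:00 alice a@192.0.2.10 /ns set authorize chanlists on
2001-01-10T15:21:00 oper o@192.0.2.20 /cs aop #chat add alice
2001-01-10T15:22:00 alice a@192.0.2.10 /ns auth accept 1
2001-01-10T16:00:00 bob b@192.0.2.30 /ns auth accept 1
""".splitlines()

if __name__ == "__main__":
    for hit in find_sequences(SAMPLE):
        print("possible services-crash sequence:", hit)
```

A hit just before the services drop off the server marks the point from which up to 15 minutes of database changes may need to be redone after "/servstart".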