Yet another remote crash disclosure

As one of the most easily exploitable remote crashes in the history of DC++ was explained earlier today, let me reveal an older one that has been kept from the public so far.

The problem in question is a bug in the handling of queue items for partial file list requests. Though the bug can be used for a remote crash, it is nowhere near as critical as the one with magnet link formatting. The scenario is described quite well in the filed bug report, which has now also been made available to the public.

To summarize: the crash can happen only if the attacker is able to convince the victim to browse his/her file list. For a successful exploit, the attacker's nick has to be changed at the right time, leaving a malicious partial list item in the queue. The victim then has to manually delete this unfinished queue item from the download queue for the crash to have a chance of occurring. Moreover, as nick changes are allowed only on ADC hubs, this bug is not exploitable on NMDC.

The problem was fixed in DC++ 0.790 and should affect any older version that is already capable of connecting to ADC hubs.

About emtee
I started to use DC using DC++ in 2003, when its version number was around 0.261. Since then I've been amazed by the DC network: a professional but still easy-to-use way of P2P file sharing. I was invited to the DC++ development team in 2006 where, in the beginning, I did user support and testing only. A few years later I started to add small contributions to the DC++ code as well, so these days I mostly do bug fixes, testing and improvements, and I also take part in improving the documentation for both DC++ and ADCH++. I translated the whole DC++ help file to my native language (Hungarian) and am currently maintaining the whole HU locale for DC++. My ultimate goal is to help make the DC network as user friendly as possible.
