CVE-2002-1486
Published 2003-04-02
Priority P334, high, 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.36% (94.8th percentile)
Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allow remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cerulean_studios | trillian | — | — |
| cerulean_studios | trillian | — | — |
| cerulean_studios | trillian | — | — |
No detection rules found.
Exploit-DB
Trillian 0.74 - IRC Oversized Data Block Buffer Overflow
exploitdb·2002-09-22
---
// source: https://www.securityfocus.com/bid/5777/info
A vulnerability has been reported for Trillian. Reportedly, Trillian is prone to a buffer overflow condition when it receives blocks of data that are larger than 4095 bytes.
A malicious server may exploit this condition to cause a denial of service in the client. This may also potentially be exploited to execute arbitrary code, though this possibility has not been confirmed.
/* Trillian-Dos.c
Author: Lance Fitz-Herbert
Contact: IRC: Phrizer, DALnet - #KORP
ICQ: 23549284
Exploits Multiple Trillian DoS Flaws:
Raws 206, 211, 213, 214, 215, 217, 218, 243, 302, 317, 324, 332, 333,
352, 367
Part Flaw
Data length flaw.
Tested On Version .74
Compiles with Borland 5.5 Commandli
Exploit-DB
Trillian 0.725/0.73/0.74 - IRC User Mode Numeric Remote Buffer Overflow
exploitdb·2002-09-21
---
// source: https://www.securityfocus.com/bid/5769/info
Trillian is an instant messaging client that supports a number of protocols (including IRC, ICQ, MSN). It is available for Microsoft Windows systems.
It has been reported that Trillian does not perform adequate bounds checking when receiving IRC raw user mode messages. When a Trillian client receives an instruction from a server for a raw user mode change containing 251 or more bytes of data, a buffer overflow occurs. This could result in denial of service, or the execution of arbitrary attacker-supplied instructions.
/* Trillian-221.c
Author: Lance Fitz-Herbert
Contact: IRC: Phrizer, DALnet - #KORP
ICQ: 23549284
Exploits the Trillian "Raw 221" Flaw.
Test
Exploit-DB
Trillian 0.73/0.74 - IRC JOIN Buffer Overflow
exploitdb·2002-09-20
---
// source: https://www.securityfocus.com/bid/5765/info
The Trillian IRC module does not sufficiently check bounds on JOIN commands. A malicious IRC server may potentially exploit this condition to cause a denial of service or execute arbitrary code with the privileges of the client.
This issue was reported for Trillian versions 0.73 and 0.74. Earlier versions may also be affected.
/* Trillian-Join.c
Author: Lance Fitz-Herbert
Contact: IRC: Phrizer, DALnet - #KORP
ICQ: 23549284
Exploits the Trillian Join Flaw.
Tested On Version .74 and .73
Compiles with Borland 5.5 Commandline Tools.
This Example Will Just DoS The Trillian Client,
not particularly useful, just proves the flaw exists.
*/
#include
#include
#include
#include
SOCKET s;
Exploit-DB
Trillian 0.73/0.74 - IRC PRIVMSG Buffer Overflow
exploitdb·2002-09-19
---
// source: https://www.securityfocus.com/bid/5755/info
Trillian is an instant messaging client that supports a number of protocols (including IRC, ICQ, MSN). It is available for Microsoft Windows systems.
A buffer overflow has been discovered in Trillian version .73 and .74. When processing a PRIVMSG command with an overly large sender name, a buffer overflow will occur resulting in memory corruption and a denial of service.
Although not yet confirmed, because memory can be overwritten, it may be possible for arbitrary attacker-supplied code to be executed with the privileges of the client.
/* Trillian-Privmsg.c
Author: Lance Fitz-Herbert
Contact: IRC: Phrizer, DALnet - #KORP
ICQ: 23549284
Exploits the Trillian Privmsg Flaw.
Teste
Exploit-DB
Trillian 0.6351/0.7x - Identd Buffer Overflow
exploitdb·2002-09-18
---
// source: https://www.securityfocus.com/bid/5733/info
Trillian ships with an ident server to facilitate connections to IRC servers that require an ident response before allowing access. A buffer overflow condition exists in the Trillian ident server, which may potentially be exploited to cause a denial of service or execute arbitrary code.
When the ident server receives a malformed request that is 418 bytes or more in length, the client crashes and memory is corrupted. It may be possible for an attacker to exploit the resulting memory corruption to execute arbitrary instructions with the privileges of the ident server.
/* Trillian-Ident.c
Author: Lance Fitz-Herbert
Contact: IRC: Phrizer, DALnet - #KORP
ICQ: 23549284
Exploits the Tril
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2002-09/0258.html
http://archives.neohapsis.com/archives/bugtraq/2002-09/0266.html
http://archives.neohapsis.com/archives/bugtraq/2002-09/0268.html
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0139.html
http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0140.html
http://www.iss.net/security_center/static/10150.php
http://www.iss.net/security_center/static/10151.php
http://www.iss.net/security_center/static/10163.php
http://www.securityfocus.com/bid/5765
http://www.securityfocus.com/bid/5769
http://www.securityfocus.com/bid/5777