vendor:
Dana IRC
by:
t0pP8uZz
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Dana IRC
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE: N/A
CPE: a:dana_irc:dana_irc
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2008
Dana IRC <= 1.3 Remote Buffer Overflow POC/Crash
Dana Irc client suffers from a remote buffer overflow, sending a buffer of around 2k overwrites the EIP therefor crashes the client. The reason why there isnt any shellcode here is because the client is coverting the junk/buffer data to unicode so its corrupting the shellcode. There are also other registers you can overwrite using diffrent junk data to overflow them.
Mitigation:
Ensure that the application is not vulnerable to buffer overflow attacks by validating user input and using secure coding practices.