header-logo
Suggest Exploit
vendor:
ConferenceRoom
by:
SecurityFocus
5
CVSS
MEDIUM
Denial of Service
N/A
CWE
Product Name: ConferenceRoom
Affected Version From: 1.8.2001
Affected Version To: 1.8.2002
Patch Exists: No
Related CWE: N/A
CPE: a:webmaster_software:conferenceroom
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Denial of Service in ConferenceRoom

ConferenceRoom is a chat package which enables a large community of users to chat together. It is possible to cause a denial of service in ConferenceRoom by making duplicate connections and executing special server commands in both sessions. For ConferenceRoom 1.8.1, the commands are "/ns buddy on" on the second connection and "/ns buddy add <clone client nickname>" on the first connection, followed by "/ns auth accept 1" on the second connection. For ConferenceRoom 1.8.2, the commands are "/ns set authorize chanlists on", "/cs aop <#ChannelName> add <NickName>", and "/ns auth accept 1". Executing these commands will cause the service to crash and refuse any new connections.

Mitigation:

Restart the service to gain normal functionality.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2178/info

WebMaster ConferenceRoom Developer Edition is a chat package which enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user friendly channel moderation feature.

It is possible to cause a denial of service in ConferenceRoom. By making duplicate connections and executing special server commands in both sessions, ConferenceRoom will crash and refuse any new connections. A restart of the service is required in order to gain normal functionality. 

ConferenceRoom 1.8.1:

Make to connections to the irc server second being the clone of other. On second connection (clone) type "/ns buddy on". on first connection type "/ns buddy add <clone client nickname>". on clone type "/ns auth accept 1" and the services crashes.

ConferenceRoom 1.8.2:

"/ns buddy on" can't run, cuz professional edt. can't support "buddy" command. Register it one channel, and type it commands "/ns set authorize chanlists on", "/cs aop <#ChannelName> add <NickName>", "/ns auth accept 1". and the services crashes.

Navigation

Suggest Exploit

Services By CQR