linuxdcpp-team team mailing list archive

[Bug 1030613] [NEW] Normal users can issue CMDs

 

*** This bug is a security vulnerability ***

Private security bug reported:

Any client may send a CMD (only B-type tested) to the hub, distributing
it to any user. If done in a bot, you can effectively send tens or
hundreds of these, and a receiving client will be forced to manage them,
thus potentially causing a DoS scenario.

Generate the following user command in DC++ to test yourself:
Command type: Raw
Context: Hub menu
Name: RogueCommand
Command: BCMD %[mySID] Security\stest,\sbe\safraid TTHINF\sNIfoobar\n CT2
Hub address: adc://

(Above command should obviously be followed by a new line.)

The hub should ignore any CMD originating from a user. Potentially allow
CMDs from trusted users.

** Affects: adchpp
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1030613

Title:
  Normal users can issue CMDs

Status in ADCH++:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/adchpp/+bug/1030613/+subscriptions
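
The hub-side check the report asks for, as an added example that is not part of the original report and is not ADCH++ code. It goes beyond the tested B-type and applies the same rule to every message type a hub relays between clients (B, D, E, F); all function names and the SID "AAAB" are assumptions made for illustration.

```cpp
// Added example: stand-alone sketch, not ADCH++ code. All names are hypothetical.
#include <iostream>
#include <string>

// Header of one ADC line: type character plus three-letter command name.
struct AdcHeader {
    char type = 0;
    std::string command;
    bool valid = false;
};

// Parse the first four bytes of an ADC line ("BCMD ...", "BMSG ...").
AdcHeader parse_header(const std::string& line) {
    AdcHeader h;
    if (line.size() < 4) return h;  // too short to carry a header
    if (line.size() > 4 && line[4] != ' ' && line[4] != '\n') return h;
    h.type = line[0];
    h.command = line.substr(1, 3);
    h.valid = true;
    return h;
}

// True for message types a hub relays from one client to other clients.
bool is_relayed_type(char t) {
    return t == 'B' || t == 'D' || t == 'E' || t == 'F';
}

// Policy from the report: drop CMD sent by a user, optionally allow trusted senders.
bool hub_should_relay(const std::string& line, bool sender_trusted) {
    const AdcHeader h = parse_header(line);
    if (!h.valid || !is_relayed_type(h.type)) return false;  // malformed or hub-only
    if (h.command == "CMD" && !sender_trusted) return false; // user-originated CMD
    return true;
}

int main() {
    // Constructed input: the report's command with a made-up SID "AAAB".
    const std::string rogue =
        R"(BCMD AAAB Security\stest,\sbe\safraid TTHINF\sNIfoobar\n CT2)" "\n";
    const std::string chat = "BMSG AAAB hello\n";
    std::cout << "rogue CMD, normal user:  " << hub_should_relay(rogue, false) << "\n"
              << "rogue CMD, trusted user: " << hub_should_relay(rogue, true) << "\n"
              << "chat message:            " << hub_should_relay(chat, false) << "\n";
}
```

The `sender_trusted` flag stands in for whatever the hub uses to mark operators or bots; the decision has to be made from the hub's own record of the connection, never from anything in the message itself.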

