View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0004238unrealircdpublic2013-09-25 05:172022-08-07 18:35
ReporterKindOne Assigned Tosyzop  
PrioritynormalSeveritymajorReproducibilityhave not tried
Status resolvedResolutionfixed 
Product Version3.2.10.1 
Fixed in Version3.2.10.2 
Summary0004238: /license some.remote.server - not rate limited - makes server split
Description[18:58:13] <@kaniini> another day
[18:58:18] <@kaniini> more unreal 0day
[18:58:20] <@kaniini> woooooo
[18:58:23] <@kaniini> did you know
[18:58:25] <@kaniini> unreal has a command
[18:58:46] <@kaniini> which makes it send you the entire "This is GPLv1" message?
[18:58:51] <@kaniini> well
[18:59:05] <@kaniini> lets take a look at that
[18:59:05] <@kaniini> hmm!
[18:59:05] <@kaniini> hunt_server()!
01[18:59:33] <+KindOne> what?
[18:59:37] <@kaniini> command which supports remote forwarding that sends a lot of crap (100x what was requested)
[18:59:43] <+aji> ...... >.<
[18:59:46] <@kaniini> check!
[18:59:58] <@kaniini> no throttling on this command
[18:59:58] <@kaniini> check!
[18:59:58] <+aji> >.< >.<
[19:00:07] <@kaniini> unrealircd default server class only allows 1MB of sendq!
[19:00:08] <@kaniini> check!
[19:00:20] <+aji> max luls ensue
[19:00:32] <+aji> solution is to rate limit it like /list then?
[19:00:36] <@kaniini> solution is
[19:00:48] <@kaniini> to not allow it to be remotely forwarded
[19:00:48] <@kaniini> as it's pointless
[19:00:50] <+aji> good point.
[19:00:50] <@kaniini> or, better yet
[19:00:52] <@kaniini> just remove it
[19:00:53] <+KindOne> what is the command?
[19:00:55] <@kaniini> because it's stupid
[19:00:57] <+aji> /license, i believe
[19:01:00] <@kaniini> KindOne: /license $remoteserver
[19:01:05] <@kaniini> KindOne: just load up some bots and go to town
[19:01:11] <@Rylee> roflroflrofl
[19:01:16] <@kaniini> KindOne: split servers due to sendq exhaustion!
[19:01:46] <@kaniini> and the best part is
[19:01:46] <@kaniini> HTM will not protect you
[19:01:46] <@kaniini> because
[19:01:52] <@kaniini> 'lifesux' is not checked by hunt_server()
Steps To Reproduce1, Get some botnet
2, Have botnet "/license some.remote.server"
3, Remote server should netsplit due to sendq?
TagsNo tags attached.
3rd party modules

Activities

syzop

2013-09-26 21:05

administrator   ~0017773

Thanks for the report, will definitely look into it!

On first sight it looks like it requires a few hundred bots.

syzop

2013-11-24 11:43

administrator   ~0017849

This has been fixed in 3.2.10.2 by refusing such remote requests. Thanks again for the report.

Issue History

Date Modified Username Field Change
2013-09-25 05:17 KindOne New Issue
2013-09-26 21:05 syzop Note Added: 0017773
2013-11-24 11:43 syzop Note Added: 0017849
2013-11-24 11:43 syzop Status new => resolved
2013-11-24 11:43 syzop Fixed in Version => 3.2.10.2
2013-11-24 11:43 syzop Resolution open => fixed
2013-11-24 11:43 syzop Assigned To => syzop
2022-08-07 18:35 syzop View Status private => public