Title 23/4/2002 psyBNC Vulnerable to a DoS Attack (Exploit) Summary http://www.psychoid.lam3rz.de/ psyBNC has a problem dealing with oversized passwords, making it possible to tie up all the connection slots and consume a lot of CPU on the server. Details Vulnerable systems: psyBNC versions prior to 2.3 (without the patch) Immune systems: psyBNC version 2.3 and above Exploit: Create a program to do the following: 1. Connect to the psyBNC daemon 2. Send "irc registration" information, e.g.: user a b c d [LF/0x10] nick abcd [LF/0x10] 3. Send an oversized password (about 9000++ bytes): PASS < oversized password > [LF/0x10] 4. Kill the connection This will make psyBNC slowly consume more and more CPU.