From IRCNews.com:
Posted Wednesday, September 18 2002 by LMNOP
BROOKFIELD, CONNECTICUT -- The good folks at IRCHelp.org and IRCJunkie have been alerting users of the one-stop chat program Trillian about an exploit affecting version 0.74 of the software.
Trillian's claim to fame is that it allows you to chat via MSN Messenger, AOL Instant Messenger, Yahoo! Instant Messenger, ICQ and IRC all from one program. Produced by Cerulean Studios, the program boasts 5 million downloads world-wide.
"Don't know if you heard yet, bugtraq contains exploit code for a DoS that works against Trillian's identd," said Joseph Lo, webmaster for IRCHelp.org.
IRCJunkie followed up with a posting on their website which explains the problem:
On 3 september, Lance Fitz-Herbert discovered a exploit which can let the cracker make the target machine impossible to have a working network connection. It is also considered, but yet unconfirmed that arbitrary code is executed on the victim's machine.
It also seems that Trillian is leaving port 113 always open. Unlike programs like mIRC, who close their port 113 after the connection sequence have past.
Users of Trillian .74 are advised to turn of the identd option in Trillian, and use a third party identd server if needed.
Trillian currently gives version 0.74 away for free, but there is a cost of $25 to upgrade to version 1.0, which was released earlier this week.
