ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

DonationCoder.com Software > Mircryption

Serious Security Bug - All Users Should Update to version 1.15.00 or higher

(1/1)

mouser:
Serious Security Bug - All Users Should Update

Today (1/27/06) we were alerted by the people at RainbowCrack-Online that they had discovered a buffer overflow risk in the mircryption dll, which could be demonstrated by a program called ircfuzz by Ilja van Sprundel. Ircfuzz generates and floods a mirc client with huge amounts of random data, and it turns out that mircryption does not sufficiently protect itself from the possibility of abnormally long channel names or nick names(>255 characters).

While it is not possible for a normal user to trigger such an attack, it is still possible that a malicious server owner could send commands that could crash your irc client while running mircryption, or possibly exploit the buffer overflow in order to execute malicious code.

While we know of no existing exploit of this bug in the wild, this should be considerd a SERIOUS risk, and all mircryption users should update immediately.

Both the mircryption.mrc script and mircryption.dll files as of version 1.15.00 have been redundantly fixed to protect against flaw.

You can update using the online updater, or by installing the new version over your old version, or by manually downloading and replaceing the new mircryption.dll and mircryption.mrc files on the download page.

Thank you to rainbow-crack-online for alerting us to this bug.

This is the first time in 4+ years that we've had reason to release a security update for mircryption :(



News page and update:
https://www.donationcoder.com/Software/Mouser/mircryption/index.php

gottadoit:
Mouser,
  I'm not sure what is wrong but somebody I know just encountered an error when trying to run the exe install
  The error text was something like "error 0 while running command"

  The exe was from sourceforge (  http://mircryption.sourceforge.net/Downloads/MircryptionSuite_Setup_151.exe )

mouser:
thanks for catching this!

i always test the installs, but it's been a while since i built them and because of the way the self unpacker works and the directory i run the test install in, it was working for me but for everyone else the actual setup.exe file was missing, so when it unpacks and tries to run the installer it was failing with that unhelpful error message.

all fixed now.

Navigation

[0] Message Index

Go to full version