mIRC Home    About    Download    Register    News    Help

Print Thread
URGENT SECURITY RISK - Peace & Protection Script #93507 10/08/04 11:46 AM
Joined: Dec 2002
Posts: 266
Z
zack Offline OP
Fjord artisan
OP Offline
Fjord artisan
Z
Joined: Dec 2002
Posts: 266
Recently a dangerous exploit was located in popular full script Peace & Protection v4.22 by pai.

The script has been patched and we wish to advise all P&P users to immediately download the latest version available from mircscripts.org.

Sorry, but I will not inform you as to how to perform the exploit for security reasons. Just know that a remote user could execute any arbitrary code to any mIRC client running P&P.


You won't like it when I get angry.
Re: URGENT SECURITY RISK - Peace & Protection Script #93508 10/08/04 12:09 PM
Joined: Dec 2002
Posts: 788
C
Coolkill Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 788
Nice little bug shes got there, doubt anyone with the intelligence to want to exploit it will have the ability to find it though. wink

Eamonn.

Re: URGENT SECURITY RISK - Peace & Protection Scri #93509 10/08/04 12:21 PM
Joined: Jun 2003
Posts: 5,024
M
Mentality Offline
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
A good example of why it's not always safe to use 3rd party scripts.

Just to reinforce the fact that was clearly made in the first post, this is not an mIRC exploit or any problem with mIRC the program, it is related to the script only.

Regards,


Mentality/Chris
Re: URGENT SECURITY RISK - Peace & Protection Scri #93510 10/08/04 01:18 PM
Joined: Dec 2002
Posts: 266
Z
zack Offline OP
Fjord artisan
OP Offline
Fjord artisan
Z
Joined: Dec 2002
Posts: 266
I'd just like to further point out that this is just a simple mistake that any scripter could have missed or not seen. pai is one of the best scripters (and person) to ever grace the mIRC Scripting scene. Let's hope this doesn't ruin her image at all.

It was merely just a mistake.


You won't like it when I get angry.
Re: URGENT SECURITY RISK - Peace & Protection Scri #93511 11/08/04 11:37 AM
Joined: Sep 2003
Posts: 93
T
Talea Offline
Babel fish
Offline
Babel fish
T
Joined: Sep 2003
Posts: 93
I've used PnP for many years and never had any problems with it... the reason why I don't use it now because it's a tad outdated. This exploit is one of those freaky occurances which I doubt Pai deliberately put in.

Talea

Re: URGENT SECURITY RISK - Peace & Protection Scri #93512 18/08/04 05:10 PM
Joined: Oct 2003
Posts: 16
ytytyt Offline
Pikka bird
Offline
Pikka bird
Joined: Oct 2003
Posts: 16
"I compared the files, and the only file with differences, that I found, is "alias1.mrc". I'm not going to say what the exact differences are, for obvious reasons.. ~_~ So, rather than reinstalling PnP, just replace the alias1.mrc file and it should fix the exploit without overwriting any changes you have made (to other files)."
genius_at_work

Is this good enough? To just overwrite the exsisting said file? shocked


"ytytyt = a lamers' version of asdf"
Re: URGENT SECURITY RISK - Peace & Protection Scri #93513 18/08/04 06:28 PM
Joined: Jun 2003
Posts: 5,024
M
Mentality Offline
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
I don't know what the 'exploit' is precisely, and nor do I think it's a good idea to start discussing it here, however, your best bet is to download the latest version from the ms.org archive as suggested above.

Regards,


Mentality/Chris