News/Announcements
Old News Archive
Posted by Syzop on February 28, 2010, 1:28 pm EST
Just wanted to drop a note that if anyone is experiencing problems like this (also called Firefox XPS IRC Attack). Then this is what I suggest you do:
1. If not done so already, then compile UnrealIRCd with NOSPOOF (spoof protection) enabled, on *NIX this is the first question asked during ./Config, on Windows it is always enabled.
2. I've released a nopost module which will kill/zline/etc such connections. http://www.vulnscan.org/UnrealIRCd/modu ... ost.tar.gz
You can do #2 without #1, and #1 without #2, but if you're really under attack then combining them is most effective.
1. If not done so already, then compile UnrealIRCd with NOSPOOF (spoof protection) enabled, on *NIX this is the first question asked during ./Config, on Windows it is always enabled.
2. I've released a nopost module which will kill/zline/etc such connections. http://www.vulnscan.org/UnrealIRCd/modu ... ost.tar.gz
You can do #2 without #1, and #1 without #2, but if you're really under attack then combining them is most effective.
Post Reply :: 11 Replies & 343 Views
Posted by Syzop on February 22, 2010, 1:33 pm EST
The UnrealIRCd team- and support-channels on IRC have moved to their own network (rather than using IRCSystems). The URI is still irc://irc.unrealircd.org/
The support channel is still #unreal-support too, however the development channel has been split: #unreal3-devel for 3.2* development and #unreal4-devel for 4.* development.
The support channel is still #unreal-support too, however the development channel has been split: #unreal3-devel for 3.2* development and #unreal4-devel for 4.* development.
Post Reply :: 0 Replies & 206 Views
Posted by Stealth on January 6, 2010, 2:36 pm EST
Unreal 4 is coming along slowly but surely. There is a lot of work that still needs to be done, and we only have 1 coder working on it.
Currently we have a somewhat functional core that compiles, allows connections, provides basic commands and the ability to join channels. However, even though we have a mostly functioning core, we are still a long way off from having a core that provides all the basic IRC functions.
If you're a C++ coder and would like to help out, stop by #Unreal-Devel on irc.unrealircd.com and we'll help you get up to date on what is done and what still needs doing. If you would like to download the code we have so far, you can access our mecurial repository at http://ohnopub.net/hg/unrealircd-cpp/
Currently we have a somewhat functional core that compiles, allows connections, provides basic commands and the ability to join channels. However, even though we have a mostly functioning core, we are still a long way off from having a core that provides all the basic IRC functions.
If you're a C++ coder and would like to help out, stop by #Unreal-Devel on irc.unrealircd.com and we'll help you get up to date on what is done and what still needs doing. If you would like to download the code we have so far, you can access our mecurial repository at http://ohnopub.net/hg/unrealircd-cpp/
Post Reply :: 12 Replies & 1190 Views
Posted by Stealth on July 23, 2009, 11:39 pm EDT
I am asking for everyone's help in cleaning out the bug tracker. Currently our bugtracker has plenty issues still open (301) for the current version of Unreal. Unfortunately most of the open issues are old and no longer apply to the current workings of Unreal 3.2. Some of the issues are features or tweaks wanted by the community. If you see an issue that is no longer relevant to the current version, is a problem that has been solved in the past, duplicate issues, or something that just shouldn't be there, add a note to it so we can close or resolve the issue.
If you're a C coder, you can help by making patches for the current problems in the bug tracker. Patches should be made from 3.2.8.1, or preferably from the nightly CVS snapshots downloadable from Syzop's site.
We are also looking for C++ coders to help get the next major version of Unreal off the ground and into active development. We will be doing a recode from the ground-up starting with a core that has no more than the basics of IRC (i.e. the stuff in RFC-1459). If you want to give us a hand in getting the next version going, swing by #Unreal-Devel on irc.unrealircd.com to find out more info!
... (Read More)
If you're a C coder, you can help by making patches for the current problems in the bug tracker. Patches should be made from 3.2.8.1, or preferably from the nightly CVS snapshots downloadable from Syzop's site.
We are also looking for C++ coders to help get the next major version of Unreal off the ground and into active development. We will be doing a recode from the ground-up starting with a core that has no more than the basics of IRC (i.e. the stuff in RFC-1459). If you want to give us a hand in getting the next version going, swing by #Unreal-Devel on irc.unrealircd.com to find out more info!
... (Read More)
Post Reply :: 10 Replies & 2326 Views
Posted by nate on May 5, 2009, 1:54 am EDT
For reasons I won't get into, I'm pulling myself out of UnrealIRCd actively as the 3.3 developer and a developer of the software at all.
Until a time alternatively set by one of the others I'll still be managing the site, so any issues with bugs on the site at all everyone is still free to toss me an IM on here or post it in the website forums to let me know.
Until a time alternatively set by one of the others I'll still be managing the site, so any issues with bugs on the site at all everyone is still free to toss me an IM on here or post it in the website forums to let me know.
Post Reply :: 6 Replies & 2967 Views
Posted by Syzop on April 28, 2009, 11:51 am EDT
A security issue was found, which is exploitable (crash) when allow::options::noident is in use.
The security advisory is below. (this news item is a re-post, not an update)
SECURITY ADVISORY
==================
A serious buffer overflow issue has been discovered in UnrealIRCd. This issue can cause the IRC server to crash. It is not clear if this issue can lead to remote code execution.
==[ AFFECTED VERSIONS ]==
This bug can ONLY be triggered if allow::options::noident is in use. By default, this is not the case, and it's not a very common option to use.
To check for this, you can search for "noident" (without quotes) in your config files (such as unrealircd.conf). If you don't use this option, you are safe, and there's no need to upgrade. If you use the noident option, and you're using Unreal3.2.8 or earlier (this issue goes back to 3.2beta11), then you are affected.
==[ PROBLEM ]==
A buffer in the code which handles user authorization is copied without sufficient length checks, causing a buffer overflow.
This bug happens BEFORE the user is online. In other words: even if you have a password protected server, or only allow certain ip/h ... (Read More)
The security advisory is below. (this news item is a re-post, not an update)
SECURITY ADVISORY
==================
A serious buffer overflow issue has been discovered in UnrealIRCd. This issue can cause the IRC server to crash. It is not clear if this issue can lead to remote code execution.
==[ AFFECTED VERSIONS ]==
This bug can ONLY be triggered if allow::options::noident is in use. By default, this is not the case, and it's not a very common option to use.
To check for this, you can search for "noident" (without quotes) in your config files (such as unrealircd.conf). If you don't use this option, you are safe, and there's no need to upgrade. If you use the noident option, and you're using Unreal3.2.8 or earlier (this issue goes back to 3.2beta11), then you are affected.
==[ PROBLEM ]==
A buffer in the code which handles user authorization is copied without sufficient length checks, causing a buffer overflow.
This bug happens BEFORE the user is online. In other words: even if you have a password protected server, or only allow certain ip/h ... (Read More)
Post Reply :: 0 Replies & 4046 Views
