Binary Package Hint: KVIrc
Versions involved: >= 3.2.0
Information via KVIrc Website:
http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
Information via Secunia:
http://secunia.com/secunia_research/2007-56/advisory/
Information via CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
Launchpad Bugs that have been filed:
https://bugs.launchpad.net/ubuntu/+source/kvirc/+bug/123037 (original)
https://bugs.launchpad.net/ubuntu/+source/kvirc/+bug/123595
Ubuntu Debdiffs:
Dapper:
http://launchpadlibrarian.net/8283483/kvirc_dapper_security_fix.debdiff
Edgy:
http://launchpadlibrarian.net/8283487/kvirc_edgy_security_fix.debdiff
Feisty:
http://launchpadlibrarian.net/8283492/kvirc_feisty_security_fix.debdiff
Gutsy:
http://launchpadlibrarian.net/8283495/kvirc_gutsy_security_fix.debdiff
Description taken from Secunia:
---------------------------------------
Secunia Research has discovered a vulnerability in KVIrc, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the "parseIrcUrl()" function in
src/kvirc/kernel/kvi_ircurl.cpp not properly sanitising parts of the
URI when building the command for KVIrc's internal script system. This
can be exploited to inject and execute commands for the KVIrc script
system (including the "run" command, which can be leveraged to execute
shell commands) by e.g. tricking a user into opening a specially
crafted "irc://" or similar URI (e.g. "irc6://").
Successful exploitation requires that KVIrc is the default handler for
"irc://" and similar URIs.
--
Richard A. Johnson
[EMAIL PROTECTED]
GPG Key: 0x2E2C0124
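
One way to close the class of bug the Secunia text describes, shown as an added example (not KVIrc's code and not the patch in the debdiffs): accept an "irc://" or "irc6://" URI only when every part passes a strict allowlist, before any part is placed in a script command. The names IrcTarget, onlyAllowed and parseIrcUri, the default port 6667 and the allowlists themselves are assumptions; bracketed IPv6 literals are rejected in this sketch.

```cpp
#include <cctype>
#include <string>

// Hypothetical result type for this example; not a KVIrc structure.
struct IrcTarget {
    std::string host;
    unsigned port = 6667;  // assumed default when the URI gives none
    std::string channel;   // empty when the URI names no channel
};

// True when s is non-empty and every byte is ASCII alphanumeric or listed in extra.
static bool onlyAllowed(const std::string& s, const std::string& extra) {
    if (s.empty()) return false;
    for (unsigned char c : s)
        if (!std::isalnum(c) && extra.find(static_cast<char>(c)) == std::string::npos)
            return false;
    return true;
}

// Split an "irc://" or "irc6://" URI and accept it only if every part passes
// its allowlist, so no separator or quoting character can reach a command string.
bool parseIrcUri(const std::string& uri, IrcTarget& out) {
    const auto sep = uri.find("://");
    if (sep == std::string::npos) return false;
    const std::string scheme = uri.substr(0, sep);
    if (scheme != "irc" && scheme != "irc6") return false;

    const std::string rest = uri.substr(sep + 3);
    const auto slash = rest.find('/');
    std::string host = rest.substr(0, slash);
    IrcTarget t;
    if (slash != std::string::npos) t.channel = rest.substr(slash + 1);

    const auto colon = host.rfind(':');
    if (colon != std::string::npos) {
        const std::string port = host.substr(colon + 1);
        if (port.empty() || port.size() > 5) return false;
        unsigned value = 0;
        for (unsigned char c : port) {
            if (!std::isdigit(c)) return false;
            value = value * 10 + (c - '0');
        }
        if (value == 0 || value > 65535) return false;
        t.port = value;
        host.erase(colon);
    }
    if (!onlyAllowed(host, ".-")) return false;
    if (!t.channel.empty() && !onlyAllowed(t.channel, "#-_.")) return false;
    t.host = host;
    out = t;  // written only after every check has passed
    return true;
}
```

A caller should build its command from the validated fields of IrcTarget only, never from the original URI string.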
