[Bug 123595] KVIrc security issue with releases >= 3.2.0 (Dapper - Gutsy)

Richard Johnson nixternal at ubuntu.com
Mon Jul 2 18:26:44 UTC 2007


Private bug reported:

Binary package hint: kvirc

KVIrc Website News Announcement:
     http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest

Secunia Advisory:
     http://secunia.com/secunia_research/2007-56/advisory/

CVE List:
     http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951

This issue affects all of the releases in the 3.2.x branch (from Dapper
to Gutsy).

Description taken from Secunia:
---------------------------------------
Secunia Research has discovered a vulnerability in KVIrc, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the "parseIrcUrl()" function in
src/kvirc/kernel/kvi_ircurl.cpp not properly sanitising parts of the
URI when building the command for KVIrc's internal script system. This
can be exploited to inject and execute commands for the KVIrc script
system (including the "run" command, which can be leveraged to execute
shell commands) by e.g. tricking a user into opening a specially
crafted "irc://" or similar URI (e.g. "irc6://").

Successful exploitation requires that KVIrc is the default handler for
"irc://" and similar URIs.

** Affects: kvirc (Ubuntu)
     Importance: Undecided
         Status: New

-- 
KVIrc security issue with releases >= 3.2.0 (Dapper - Gutsy)
https://bugs.launchpad.net/bugs/123595
You received this bug notification because you are a member of MOTU,
which is a direct subscriber.
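
One way to validate the parts of an "irc://" or "irc6://" URI against an allowlist before any script command is built from them, as an added example that is not part of the bug report and is not KVIrc's code or its actual fix. The `IrcTarget` struct, the `parse_irc_uri` name, the accepted character sets, the length limits and the hostname-only host rule are all assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Hypothetical holder for the validated parts; not a KVIrc type.
struct IrcTarget {
    std::string host;
    int port = 6667;      // default when the URI gives no port
    std::string channel;  // empty when the URI names no channel
};

static const std::string kAlnum =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

// Accept scheme://host[:port][/channel] only if every part matches a strict
// allowlist. Input that does not match is rejected outright, never "cleaned".
bool parse_irc_uri(const std::string& uri, IrcTarget& out) {
    std::string rest;
    for (const char* p : {"irc://", "irc6://"}) {
        const std::string scheme(p);
        if (uri.compare(0, scheme.size(), scheme) == 0) rest = uri.substr(scheme.size());
    }
    if (rest.empty()) return false;  // unknown scheme or nothing after it

    IrcTarget t;
    const std::size_t slash = rest.find('/');
    const std::string authority = rest.substr(0, slash);
    if (slash != std::string::npos) t.channel = rest.substr(slash + 1);

    const std::size_t colon = authority.find(':');
    t.host = authority.substr(0, colon);
    if (colon != std::string::npos) {
        const std::string port = authority.substr(colon + 1);
        if (port.empty() || port.size() > 5 ||
            port.find_first_not_of("0123456789") != std::string::npos) return false;
        t.port = std::stoi(port);
        if (t.port < 1 || t.port > 65535) return false;
    }
    if (t.host.empty() || t.host.size() > 253 ||
        t.host.find_first_not_of(kAlnum + ".-") != std::string::npos) return false;
    if (t.channel.size() > 50 ||
        t.channel.find_first_not_of(kAlnum + "#_-") != std::string::npos) return false;

    out = t;  // only validated values ever reach the command builder
    return true;
}

int main() {
    IrcTarget t;
    // Constructed sample inputs.
    for (const char* u : {"irc://irc.example.net:6667/#ubuntu", "irc://irc.example.net/a;b"})
        std::cout << u << " -> " << (parse_irc_uri(u, t) ? "accepted" : "rejected") << "\n";
}
```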