[Bug 123037] Re: KVIrc irc:// URI Handler Command Execution Vulnerability
Richard Johnson
nixternal at ubuntu.com
Wed Jul 4 16:20:05 UTC 2007
kvirc (2:3.2.4-5ubuntu2) gutsy; urgency=low
* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
when building the command for KVIrc's internet script system. This can
be exploited to inject and execute commands for the KVIrc script system
(including the "run" command, which can be leveraged to execute shell
commands) by e.g. tricking a user into opening a specially crafted
"irc://" or similar URI.
* Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
- http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
- http://secunia.com/secunia_research/2007-56/advisory/
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
- https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
* Add debian/control: Debian Maintainer Field
-- nixternal at ubuntu.com (Richard A. Johnson) Mon, 02 Jul 2007
13:16:11 -0500
--
KVIrc irc:// URI Handler Command Execution Vulnerability
https://bugs.launchpad.net/bugs/123037
You received this bug notification because you are a member of MOTU,
which is a subscriber of a duplicate bug.
More information about the universe-bugs
mailing list