KDE Security Advisory: Multiple vulnerabilities in Konversation
[Posted January 24, 2005 by ris]
Original Release Date: 20050121
URL: http://www.kde.org/info/security/advisory-20050121-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-...
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-...
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-...
http://lists.netsys.com/pipermail/full-disclosure/2005-Ja...
1. Systems affected:
All Konversation versions up to and including 0.15
2. Overview:
Multiple vulnerabilities have been discovered in Konversation,
an IRC client for KDE.
A flaw in the expansion of %-escaped variables causes %-escaped
variables in certain input strings to be inadvertently expanded
as well. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0129 to this issue.
Several Perl scripts included with Konversation fail to properly
handle command line arguments, causing a command line injection
vulnerability. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0130 to this issue.
Nick and password are confused in the quick connection dialog,
so connecting with that dialog and filling in a password uses
that password as the nick, and may inadvertently expose the
password to others. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0131 to this issue.
3. Impact:
A user might be tricked into joining a channel with a specially crafted
channel name containing shell commands. If the user runs a script in
that channel, it will result in arbitrary command execution.
If quick connect is used with a password, the password is used as
nickname instead. As a result the password may be exposed to others.
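
The command line injection class described in sections 2 and 3, as an added example (not code from the Konversation scripts or from the patch): a hypothetical helper that reports a channel name, first by interpolating it into a shell command string and then by passing it as a separate argument. The channel name, the function names and the use of echo are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: a channel name carrying a harmless command substitution.
my $channel = '#kde$(echo INJECTED)';

# Unsafe pattern: the argument is pasted into one command string, so /bin/sh
# parses it and evaluates any metacharacters the channel name contains.
sub announce_unsafe {
    my ($target) = @_;
    my $out = `echo "joined $target"`;
    chomp $out;
    return $out;
}

# Hardened pattern: list-form open() executes the program directly with an
# argument vector. No shell is involved, so the channel name stays plain data.
sub announce_safe {
    my ($target) = @_;
    open(my $fh, '-|', 'echo', "joined $target")
        or die "cannot run echo: $!";
    my $out = <$fh> // '';
    close $fh;
    chomp $out;
    return $out;
}

# The string form shows the substitution already evaluated by the shell;
# the list form shows the channel name exactly as it was received.
print "string form: ", announce_unsafe($channel), "\n";
print "list form:   ", announce_safe($channel), "\n";
```

The list forms of system() and exec() bypass the shell in the same way; quoting the value inside a command string does not, because the shell still parses what ends up inside the quotes.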
4. Solution:
Upgrade to Konversation 0.15.1 available from
http://download.berlios.de/konversation/konversation-0.15...
5. Patch:
A patch for Konversation 0.15 is available from
ftp://ftp.kde.org/pub/kde/security_patches
36f8b6beac18a9d173339388d13e2335 post-0.15-konversation.diff
6. Time line and credits:
18/01/2005 Konversation developers informed by Wouter Coekaerts
19/01/2005 Patches applied to KDE CVS.
19/01/2005 Konversation 0.15.1 released.
21/01/2005 KDE Security Advisory released.