LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

konversation: arbitrary code execution

Package(s):konversation CVE #(s):CVE-2007-4400
Created:April 9, 2008 Updated:April 9, 2008
Description:

From the Red Hat bugzilla:

Media script (/usr/share/apps/konversation/scripts/media) that is distributed with konversation package reportedly does not escape tags from media files corr[e]ctly allowing command injection into IRC channel.

Alerts:
Fedora FEDORA-2008-2122 2008-04-08
Fedora FEDORA-2008-2062 2008-04-08
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.