perl-POE-Component-IRC: arbitrary IRC command execution
| Package(s): | perl-POE-Component-IRC | CVE #(s): | |
| Created: | May 31, 2010 | Updated: | June 2, 2010 |
| Description: |
From the Red Hat bugzilla:
A vulnerability was reported to Debian for POE::Component::IRC, where it
did not remove carriage returns and line feeds. This affects tools or IRC bots
using the perl module, and can be used to execute arbitrary IRC commands by
passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which
would cause the client to disconnect from the server. |
| Alerts: | |
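
The filtering the report describes, as an added example that is not code from the Red Hat bug or from POE::Component::IRC: it builds the same PRIVMSG with and without CR/LF removal and counts how many messages the receiving side would parse. All function names and the `#example` channel are hypothetical, and the line-splitting rule is an assumption matching the behaviour the report relies on.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not part of POE::Component::IRC: delete the bytes that
# end an IRC message, so caller-supplied text cannot begin a second command.
sub strip_line_breaks {
    my ($arg) = @_;
    (my $clean = $arg) =~ tr/\r\n//d;
    return $clean;
}

# Hypothetical stand-in for the bytes a client writes for a PRIVMSG.
sub build_privmsg {
    my ($target, $text) = @_;
    return "PRIVMSG $target :$text\r\n";
}

# Same builder with every argument filtered first.
sub build_privmsg_filtered {
    return build_privmsg( map { strip_line_breaks($_) } @_ );
}

# Assumption: the receiving server ends a message at CR, LF or CRLF, which is
# the behaviour the report relies on.
sub protocol_lines {
    my ($raw) = @_;
    return grep { length } split /[\r\n]+/, $raw;
}

# Constructed input: the argument quoted in the report, sent to a made-up channel.
my @args = ( '#example', "some text\rQUIT" );

for my $case (
    [ 'unfiltered', build_privmsg(@args) ],
    [ 'filtered',   build_privmsg_filtered(@args) ],
) {
    my ($label, $raw) = @$case;
    my @lines = protocol_lines($raw);
    printf "%s: server parses %d message(s)\n", $label, scalar @lines;
    print "    $_\n" for @lines;
}
```

Stripping keeps the message but joins the surrounding text; a caller that prefers to fail closed can reject any argument whose filtered value differs from the original.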