'Re: [oss-security] CVE Request -- KVIrc -- Remote CTCP commands'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- KVIrc -- Remote CTCP commands
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-07-29 13:28:07
Message-ID: 1470672121.25911280410087303.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

Please use CVE-2010-2785

Thanks.

-- 
    JB

----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:

> Hi Steve,
> 
>    user with nickname 'unic0rn' reported:
>      [1] https://svn.kvirc.de/kvirc/ticket/858
> 
> a deficiency in the way KVIrc IRC client extracted the "next" CTCP
> parameter from message
> pointer. A remote, authenticated attacker, valid KVIrc user, could
> send a specially-crafted
> DCC Client-To-Client Protocol (CTCP) message, like:
> 
> /ctcp nickname DCC GET\rQUIT\r
> /ctcp nickname DCC GET\rPRIVMSG\40#channel\40:epic\40fail\r
> 
> which could lead to / allow remote (KVIrc) CTCP commands execution.
> Different vulnerability
> than CVE-2010-2451:
>    [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
> and CVE-2010-2452:
>    [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
> 
> Upstream patch:
>    [3] https://svn.kvirc.de/kvirc/changeset/4693
> 
> Workaround: (from [1])
>    /option boolNotifyFailedDccHandshakes 0
> 
> References:
>    [4] http://bugs.gentoo.org/show_bug.cgi?id=330111
> 
> Could you please allocate a CVE id for this?
> 
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic