Date: Tue, 25 Mar 2008 16:26:50 +0100
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: Re: was: SA29489 CenterIM URL handling flaw

Hi,
* Nico Golde <oss-security+ml@...lde.de> [2008-03-25 16:25]:
> * Lubomir Kundrak <lkundrak@...hat.com> [2008-03-24 15:08]:
> > Ad SA29489 [1] "CenterIM URL Parsing Command Execution Vulnerability"
> > 
> > CenterIM does completely nothing with received URLs. Maybe the
> > unfortuate "exploit writer" was using XFCE Terminal [2], or a terminal
> > emulator with a similar problem.
> 
> That's partly true. While centerim has no special URL 
> handler to handle incoming urls it does provide the ability 
> to list urls in a message by pressing F2. If you press enter 
> on one of these urls it tries to open it in an external 
> browser and executes the other commands as well.
> 
> You see the commands in the URL however so I think the 
> impact of this is like sending someone a message with 
> "please type rm -rf ~ in your shell" so the secunia rating 
> is a bit beyond the actual impact.

upstream patch:
http://repo.or.cz/w/centerim.git?a=blobdiff_plain;f=src/icqconf.cc;fp=src/icqconf.cc;hb=b28c6deaef58eb685a2d747b28b6a572122730d4;hpb=ad6ad53ebf791f97cb7337dc79ab2ce8ccb1246f

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.