Date: Wed, 28 Jul 2010 10:52:15 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security <oss-security@...ts.openwall.com> Subject: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter Hi Steve, user with nickname 'unic0rn' reported:  https://svn.kvirc.de/kvirc/ticket/858 a deficiency in the way KVIrc IRC client extracted the "next" CTCP parameter from message pointer. A remote, authenticated attacker, valid KVIrc user, could send a specially-crafted DCC Client-To-Client Protocol (CTCP) message, like: /ctcp nickname DCC GET\rQUIT\r /ctcp nickname DCC GET\rPRIVMSG\40#channel\40:epic\40fail\r which could lead to / allow remote (KVIrc) CTCP commands execution. Different vulnerability than CVE-2010-2451:  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451 and CVE-2010-2452:  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452 Upstream patch:  https://svn.kvirc.de/kvirc/changeset/4693 Workaround: (from ) /option boolNotifyFailedDccHandshakes 0 References:  http://bugs.gentoo.org/show_bug.cgi?id=330111 Could you please allocate a CVE id for this? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ