lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200501211631.25025.bastian@kde.org>
Date: Fri, 21 Jan 2005 16:31:20 +0100
From: Waldo Bastian <bastian@....org>
To: bugtraq@...urityfocus.com
Subject: KDE Security Advisory:  Multiple vulnerabilities in Konversation

KDE Security Advisory:  Multiple vulnerabilities in Konversation
Original Release Date: 20050121
URL: http://www.kde.org/info/security/advisory-20050121-1.txt

0. References
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0129
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0130
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0131
  http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

1. Systems affected:

        All Konversation versions up to and including 0.15

2. Overview:

        Multiple vulnerabilities have been discovered in Konversation,
        an IRC client  for KDE.

        A flaw in the expansion of %-escaped variables makes that %-escaped
        variables in certain input strings will be inadvertently expanded
        too. The Common Vulnerabilities and Exposures project (cve.mitre.org)
        has assigned the name CAN-2005-0129 to this issue.

        Several perl scripts included with Konversation fail to properly
        handle command line arguments causing a command line injection
        vulnerability. The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the name CAN-2005-0130 to this issue.
      
        Nick and password are confused in the quick connection dialog, 
        so connecting with that dialog and filling in a password, would
        use that password as nick, and may inadvertently expose the
        password to others. The Common Vulnerabilities and Exposures project
        (cve.mitre.org) has assigned the name CAN-2005-0131 to this issue.
      
3. Impact:

        A user might be tricked to join a channel with a specially crafted
        channel name containing shell commands. If user runs a script in
        that channel it will result in an arbitrary command execution.

        If quick connect is used with a password, the password is used as
        nickname instead. As a result the password may be exposed to others.

4. Solution:

        Upgrade to Konversation 0.15.1 available from
        http://download.berlios.de/konversation/konversation-0.15.1.tar.bz2

5. Patch:

        A patch for Konversation 0.15 is available from
        ftp://ftp.kde.org/pub/kde/security_patches

        36f8b6beac18a9d173339388d13e2335  post-0.15-konversation.diff

6. Time line and credits:

        18/01/2005 Konversation developers informed by Wouter Coekaerts
        19/01/2005 Patches applied to KDE CVS.
        19/01/2005 Konversation 0.15.1 released.
        21/01/2005 KDE Security Advisory released.


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ