Konversation IRC Client Multiple Remote Vulnerabilities
BID:12312
Info
| Bugtraq ID: | 12312 |
| Class: | Unknown |
| CVE: | CVE-2005-0129, CVE-2005-0130, CVE-2005-0131 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | [email protected] is credited with the discovery of these issues. |
| Vulnerable: | SuSE Linux 8.1; SuSE Linux 8.0 i386; SuSE Linux 8.0; S.u.S.E. Linux Personal 9.2; S.u.S.E. Linux Personal 9.1; S.u.S.E. Linux Personal 9.0 x86_64; S.u.S.E. Linux Personal 9.0; S.u.S.E. Linux Personal 8.2; Konversation IRC Client 0.15 |
| Not Vulnerable: | Konversation IRC Client 0.15.1 |
Discussion
Konversation is a freely available IRC client for KDE windows environments on Linux platforms.
Multiple remote vulnerabilities affect the Konversation IRC client. These issues are due to input validation failures and design flaws.
The first issue is due to a failure of the application to filter various parameters from the IRC environment prior to including them in commands made to the underlying operating system. The second issue affects the QuickButtons functionality of the vulnerable application. Finally, a design error causes the quick connect dialogue to confuse a supplied nickname with a supplied password.
An attacker may leverage these issues to execute arbitrary shell and Konversation commands, potentially leading to denial of service attacks and system compromise.
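The first issue above, shown as an added example that is not Konversation's code: a hypothetical helper builds an "uptime report" command line from a channel name, first by pasting the name into a shell string and then in two hardened forms. The helper names, the report text and the sample channel name are assumptions made for illustration.

```python
import shlex
import subprocess

# Constructed sample: a channel name containing shell command substitution.
# A harmless echo stands in for whatever command the name might carry.
HOSTILE_CHANNEL = "#`echo INJECTED`"


def _run_shell(command_line: str) -> str:
    """Hand one string to /bin/sh, as a script building command lines would."""
    done = subprocess.run(command_line, shell=True, capture_output=True, text=True)
    return done.stdout.strip()


def report_unsafe(channel: str) -> str:
    # Vulnerable pattern: IRC-supplied text pasted into the command line.
    # Double quotes do not help; the shell still expands `...` and $(...).
    return _run_shell('echo "uptime report for ' + channel + '"')


def report_quoted(channel: str) -> str:
    # If a shell is unavoidable, quote the untrusted text as one literal word.
    return _run_shell("echo " + shlex.quote("uptime report for " + channel))


def report_argv(channel: str) -> str:
    # Preferred: no shell at all. The text is a single argv entry and is
    # never parsed for metacharacters.
    done = subprocess.run(["echo", "uptime report for " + channel],
                          capture_output=True, text=True)
    return done.stdout.strip()


if __name__ == "__main__":
    for fn in (report_unsafe, report_quoted, report_argv):
        print(f"{fn.__name__}: {fn(HOSTILE_CHANNEL)}")
```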
Exploit / POC
No exploit is required to leverage these issues. The following proofs of concept have been provided:
When an unsuspecting user joins a channel named #%n/quit%n and clicks the Part Button, their client will quit.
When an unsuspecting user enters a channel named #`kwrite` and executes the /uptime command, the kwrite application will be activated.
Solution / Fix
Solution:
The vendor has released an advisory and an upgrade dealing with these issues. Please see the referenced advisory for further information.
Gentoo Linux has released advisory GLSA 200501-34 dealing with this issue. All Konversation users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/konversation-0.15.1"
Please see the referenced Gentoo Linux advisory for more information.
SuSE Linux has released a security summary report (SUSE-SR:2005:004) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.
Konversation IRC Client 0.15
- KDE post-0.15-konversation.diff
  ftp://ftp.kde.org/pub/kde/security_patches
- Konversation Konversation 1.15.1
  http://konversation.berlios.de/
References
References:
- KDE Security Advisory: Multiple vulnerabilities in Konversation (KDE)
- Konversation Home Page (Konversation)
- Multiple vulnerabilities in Konversation (Wouter Coekaerts)