Multiple IRC Client Now Playing Scripts Input Validation Vulnerability
BID:25281
Info
Multiple IRC Client Now Playing Scripts Input Validation Vulnerability
| Bugtraq ID: | 25281 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-4396 CVE-2007-4397 CVE-2007-4398 CVE-2007-4399 CVE-2007-4400 CVE-2007-4401 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 13 2007 12:00AM |
| Updated: | Jul 05 2016 10:00PM |
| Credit: | Wouter Coekaerts discovered this issue. |
| Vulnerable: |
Tuomas Jormola XMMSinfo (xmmsinfo.pl) 1.1.1 .1 simon xmms2 (xmms2.pl) 1.1.3 Ricardo Mesquita ogg123 (ogg123.pl) 0.01 Ricardo Mesquita mpg123 (mpg123.pl) 0.01 Red Hat Fedora 7 Mikachu l33t xmms music showing script (l33tmusic.pl) 2.00 Kristof Korwisi iXMMSa (ixmmsa.pl) 0.3 KDE Konversation 1 |
| Not Vulnerable: |
irssi irssi 0.8.11 |
Discussion
Multiple IRC Client Now Playing Scripts Input Validation Vulnerability
Multiple IRC clients are prone to an input-validation vulnerability because they fail to adequately sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary IRC commands in IRC sessions of a victim user. On some clients, attackers may be able to leverage this issue to execute commands on the client itself.
Successful attacks can elevate attacker privileges, cause denial-of-service conditions, or in some cases (depending on the client) compromise the client. Other attacks are also possible.
The following scripts are vulnerable:
For irssi:
ixmmsa.pl 0.3, l33tmusic.pl 2.00, mpg123.pl 0.01, ogg123.pl 0.01, xmms.pl 2.0, xmms2.pl 1.1.3, and xmmsinfo.pl 1.1.1.1
For Xchat:
xmms-thing 1.0, XMMS Remote Control Script 1.07, Disrok 1.0, a2x 0.0.1, xmms-info script 1.0, and XChat-XMMS0.8.1
For WeeChat:
now-playing.rb, xmms.pl 1.1
For BitchX:
xmms.bx 1.0
Other scripts are also affected.
Multiple IRC clients are prone to an input-validation vulnerability because they fail to adequately sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary IRC commands in IRC sessions of a victim user. On some clients, attackers may be able to leverage this issue to execute commands on the client itself.
Successful attacks can elevate attacker privileges, cause denial-of-service conditions, or in some cases (depending on the client) compromise the client. Other attacks are also possible.
The following scripts are vulnerable:
For irssi:
ixmmsa.pl 0.3, l33tmusic.pl 2.00, mpg123.pl 0.01, ogg123.pl 0.01, xmms.pl 2.0, xmms2.pl 1.1.3, and xmmsinfo.pl 1.1.1.1
For Xchat:
xmms-thing 1.0, XMMS Remote Control Script 1.07, Disrok 1.0, a2x 0.0.1, xmms-info script 1.0, and XChat-XMMS0.8.1
For WeeChat:
now-playing.rb, xmms.pl 1.1
For BitchX:
xmms.bx 1.0
Other scripts are also affected.
Exploit / POC
Multiple IRC Client Now Playing Scripts Input Validation Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to play a maliciously crafted song while in an IRC chat session.
To exploit this issue, an attacker must entice an unsuspecting user to play a maliciously crafted song while in an IRC chat session.
Solution / Fix
Multiple IRC Client Now Playing Scripts Input Validation Vulnerability
Solution:
Some vendors released updated scripts to address this issue. Note that irssi 0.8.11 reportedly prevents scripts from being vulnerable to the issue.
Please see the references for details. Contact the vendors for information on how to obtain and implement updates.
Solution:
Some vendors released updated scripts to address this issue. Note that irssi 0.8.11 reportedly prevents scripts from being vulnerable to the issue.
Please see the references for details. Contact the vendors for information on how to obtain and implement updates.
References
Multiple IRC Client Now Playing Scripts Input Validation Vulnerability
References:
References:
- BitchX Home Page (BitchX )
- irssi Home Page (irssi)
- irssi Scripts Page (irssie)
- Vendor Homepage (XChat)
- WeeChat Homepage (FlashTux)
- Vulnerability in multiple "now playing" scripts for various IRC clients (Wouter Coekaerts)