[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list]
Date: Tue, 25 Mar 2008 16:26:50 +0100
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: Re: was: SA29489 CenterIM URL handling flaw
Hi,
* Nico Golde <oss-security+ml@...lde.de> [2008-03-25 16:25]:
> * Lubomir Kundrak <lkundrak@...hat.com> [2008-03-24 15:08]:
> > Ad SA29489 [1] "CenterIM URL Parsing Command Execution Vulnerability"
> >
> > CenterIM does completely nothing with received URLs. Maybe the
> > unfortuate "exploit writer" was using XFCE Terminal [2], or a terminal
> > emulator with a similar problem.
>
> That's partly true. While centerim has no special URL
> handler to handle incoming urls it does provide the ability
> to list urls in a message by pressing F2. If you press enter
> on one of these urls it tries to open it in an external
> browser and executes the other commands as well.
>
> You see the commands in the URL however so I think the
> impact of this is like sending someone a message with
> "please type rm -rf ~ in your shell" so the secunia rating
> is a bit beyond the actual impact.
upstream patch:
http://repo.or.cz/w/centerim.git?a=blobdiff_plain;f=src/icqconf.cc;fp=src/icqconf.cc;hb=b28c6deaef58eb685a2d747b28b6a572122730d4;hpb=ad6ad53ebf791f97cb7337dc79ab2ce8ccb1246f
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux