Date: Wed, 28 Jul 2010 10:52:15 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> CC: oss-security <oss-security@...ts.openwall.com> Subject: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter Hi Steve, user with nickname 'unic0rn' reported:  https://svn.kvirc.de/kvirc/ticket/858 a deficiency in the way KVIrc IRC client extracted the "next" CTCP parameter from message pointer. A remote, authenticated attacker, valid KVIrc user, could send a specially-crafted DCC Client-To-Client Protocol (CTCP) message, like: /ctcp nickname DCC GET\rQUIT\r /ctcp nickname DCC GET\rPRIVMSG\40#channel\40:epic\40fail\r which could lead to / allow remote (KVIrc) CTCP commands execution. Different vulnerability than CVE-2010-2451:  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451 and CVE-2010-2452:  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452 Upstream patch:  https://svn.kvirc.de/kvirc/changeset/4693 Workaround: (from ) /option boolNotifyFailedDccHandshakes 0 References:  http://bugs.gentoo.org/show_bug.cgi?id=330111 Could you please allocate a CVE id for this? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.