Konversation Specific IRC Command Execution Vulnerability

Vulnerability ID 1108410 Vulnerability type
Published 2005-01-19 Updated 2005-10-20
CVE ID CVE-2005-0129
CNNVD-ID CNNVD-200504-055
Platform Linux CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/25054
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200504-055
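|Vulnerability details
Konversation is an IRC client included with KDE. In Konversation 0.15, the Quick Buttons feature allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part button is selected.
|Exploit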
source: http://www.securityfocus.com/bid/12312/info

Konversation is a freely available IRC client for KDE windows environments on Linux platforms.

Multiple remote vulnerabilities affect the Konversation IRC client. These issues are due to input validation failures and design flaws.

The first issue is due to a failure of the application to filter various parameters from the IRC environment prior to including them in commands made to the underlying operating system. The second issue affects the QuickButtons functionality of the vulnerable application. Finally a design error causes the quick connect dialogue to confuse a supplied nickname with a supplied password.

An attacker may leverage these issues to execute arbitrary shell and Konversation commands, potentially leading to denial of service attacks and system compromise. 

When an unsuspecting user joins a channel named #%n/quit%n and selects the Part Button, their client will quit.

When an unsuspecting user enters a channel named #`kwrite` and executes the /uptime command, the kwrite application will be activated.
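
The Quick Buttons issue comes down to placeholder expansion that re-scans text which came from the network. The following is an added example, not Konversation source code: a simplified C++ model that contrasts an expander which re-scans substituted values with one that walks the template once. The placeholder meanings (`%c` as the channel name, `%n` as a command-ending line break), the `/part %c%n` button template and all function names are assumptions made for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Simplified model, not Konversation source. Assumed placeholder meanings:
// %c = current channel name, %n = line break that ends a command.
static void replaceAll(std::string &s, const std::string &from, const std::string &to) {
    for (size_t pos = 0; (pos = s.find(from, pos)) != std::string::npos; pos += to.size())
        s.replace(pos, from.size(), to);
}

// Flawed pattern: placeholders are replaced over the whole buffer in turn,
// so a "%n" that arrived inside the channel name is expanded as well.
std::string expandRescanning(std::string tmpl, const std::string &channel) {
    replaceAll(tmpl, "%c", channel);
    replaceAll(tmpl, "%n", "\n");
    return tmpl;
}

// Hardened pattern: walk the template once; the substituted value is appended
// verbatim and never scanned for placeholders.
std::string expandSinglePass(const std::string &tmpl, const std::string &channel) {
    std::string out;
    for (size_t i = 0; i < tmpl.size(); ++i) {
        if (tmpl[i] != '%' || i + 1 == tmpl.size()) { out += tmpl[i]; continue; }
        const char key = tmpl[++i];
        if (key == 'c') out += channel;
        else if (key == 'n') out += '\n';
        else { out += '%'; out += key; }  // unknown placeholder stays literal
    }
    return out;
}

// Split expanded text into the command lines the client would process.
std::vector<std::string> commandLines(const std::string &expanded) {
    std::vector<std::string> lines;
    std::istringstream in(expanded);
    for (std::string line; std::getline(in, line);)
        if (!line.empty()) lines.push_back(line);
    return lines;
}

int main() {
    const std::string tmpl = "/part %c%n";     // assumed Part button template
    const std::string channel = "#%n/quit%n";  // channel name quoted in the advisory
    for (const auto &l : commandLines(expandRescanning(tmpl, channel))) std::cout << "rescanning:  " << l << "\n";
    for (const auto &l : commandLines(expandSinglePass(tmpl, channel))) std::cout << "single pass: " << l << "\n";
}
```

With the re-scanning expander the channel name yields a second command line; with the single-pass expander the whole name stays an argument of the one `/part` command.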
|References

Source: BUGTRAQ
Name: 20050119 Multiple vulnerabilities in Konversation
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110626383310742&w=2
Source: XF
Name: konversation-expansion-execute-code(19025)
Link: http://xforce.iss.net/xforce/xfdb/19025
Source: FULLDISC
Name: 20050119 Multiple vulnerabilities in Konversation
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html
Source: BID
Name: 12312
Link: http://www.securityfocus.com/bid/12312
Source: www.kde.org
Link: http://www.kde.org/info/security/advisory-20050121-1.txt
Source: GENTOO
Name: GLSA-200501-34
Link: http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml
Source: SECTRACK
Name: 1012972
Link: http://securitytracker.com/id?1012972
Source: SECUNIA
Name: 13989
Link: http://secunia.com/advisories/13989
Source: SECUNIA
Name: 13919
Link: http://secunia.com/advisories/13919
