CVE-2005-0129
CVSS 7.5
Published: 2005-04-14 00:00:00
Last revised: 2016-10-17 23:07:59

[Original] The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.


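[CNNVD] Konversation Specific IRC Command Execution Vulnerability (CNNVD-200504-055)

        Konversation is an IRC client included with KDE.
        In Konversation 0.15, the Quick Buttons feature allows remote attackers to execute certain IRC commands via a channel name containing "%" variables; these variables are recursively expanded by the Server::parseWildcards function when the Part Button is selected.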

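- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0129
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0129
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200504-055
(Official data source) CNNVD

- Other links and resources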

http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html
(UNKNOWN)  FULLDISC  20050119 Multiple vulnerabilities in Konversation
http://marc.info/?l=bugtraq&m=110626383310742&w=2
(UNKNOWN)  BUGTRAQ  20050119 Multiple vulnerabilities in Konversation
http://securitytracker.com/id?1012972
(UNKNOWN)  SECTRACK  1012972
http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml
(UNKNOWN)  GENTOO  GLSA-200501-34
http://www.kde.org/info/security/advisory-20050121-1.txt
(UNKNOWN)  CONFIRM  http://www.kde.org/info/security/advisory-20050121-1.txt
http://www.securityfocus.com/bid/12312
(UNKNOWN)  BID  12312
http://xforce.iss.net/xforce/xfdb/19025
(VENDOR_ADVISORY)  XF  konversation-expansion-execute-code(19025)

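- Vulnerability information

Konversation Specific IRC Command Execution Vulnerability
High risk  Insufficient data
2005-04-14 00:00:00 2005-10-20 00:00:00
Remote
        Konversation is an IRC client included with KDE.
        In Konversation 0.15, the Quick Buttons feature allows remote attackers to execute certain IRC commands via a channel name containing "%" variables; these variables are recursively expanded by the Server::parseWildcards function when the Part Button is selected.

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download link:
        ftp://ftp.kde.org/pub/kde/security_patches

- Vulnerability information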

13115
Konversation Server::parseWildcards Function Channel Name Command Execution

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-01-19 Unknown
2005-01-19 Unknown

- Solution

Upgrade to version 0.15.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Konversation IRC Client Multiple Remote Vulnerabilities
Unknown 12312
Yes No
2005-01-19 12:00:00 2009-07-12 10:06:00
wouter@coekaerts.be is credited with the discovery of these issues.

- Affected program versions

S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
Konversation IRC Client 0.15
+ Gentoo Linux 1.4
+ Gentoo Linux
Konversation IRC Client 0.15.1

- Unaffected program versions

Konversation IRC Client 0.15.1

- Vulnerability discussion

Konversation is a freely available IRC client for KDE windows environments on Linux platforms.

Multiple remote vulnerabilities affect the Konversation IRC client. These issues are due to input validation failures and design flaws.

The first issue is due to a failure of the application to filter various parameters from the IRC environment prior to including them in commands made to the underlying operating system. The second issue affects the QuickButtons functionality of the vulnerable application. Finally a design error causes the quick connect dialogue to confuse a supplied nickname with a supplied password.

An attacker may leverage these issues to execute arbitrary shell and Konversation commands, potentially leading to denial of service attacks and system compromise.

- Exploitation

No exploit is required to leverage these issues. The following proof of concepts have been provided:

When an unsuspecting user joins a channel named #%n/quit%n and selects the Part Button, their client will quit.

When an unsuspecting user enters a channel named #`kwrite` and executes the /uptime command, the kwrite application will be activated.

- Solution

The vendor has released an advisory and an upgrade dealing with these issues. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200501-34 dealing with this issue. All Konversation users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/konversation-0.15.1"

Please see the referenced Gentoo Linux advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:004) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.


Konversation IRC Client 0.15

- Related references
