Published: 2005-04-14 00:00:00
Revised: 2016-10-17 23:07:59

[Original] The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.



- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)


- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  FULLDISC  20050119 Multiple vulnerabilities in Konversation
(UNKNOWN)  BUGTRAQ  20050119 Multiple vulnerabilities in Konversation
(UNKNOWN)  BID  12312
(VENDOR_ADVISORY)  XF  konversation-expansion-execute-code(19025)

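- Vulnerability Information

High risk Insufficient information
2005-04-14 00:00:00 2005-10-20 00:00:00
In Konversation 0.15, the Quick Buttons feature allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.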

- Advisories and Patches


- Vulnerability Information

Konversation Server::parseWildcards Function Channel Name Command Execution

- Vulnerability Description

Unknown or Incomplete

- Timeline

2005-01-19 Unknown
2005-01-19 Unknown

- Solution

Upgrade to version 0.15.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Konversation IRC Client Multiple Remote Vulnerabilities
Unknown 12312
Yes No
2005-01-19 12:00:00 2009-07-12 10:06:00 is credited with the discovery of these issues.

- Affected Program Versions

S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
Konversation IRC Client 0.15
+ Gentoo Linux 1.4
+ Gentoo Linux
Konversation IRC Client 0.15.1

- Unaffected Program Versions

Konversation IRC Client 0.15.1

- Vulnerability Discussion

Konversation is a freely available IRC client for KDE windows environments on Linux platforms.

Multiple remote vulnerabilities affect the Konversation IRC client. These issues are due to input validation failures and design flaws.

The first issue is due to a failure of the application to filter various parameters from the IRC environment prior to including them in commands made to the underlying operating system. The second issue affects the QuickButtons functionality of the vulnerable application. Finally, a design error causes the quick connect dialogue to confuse a supplied nickname with a supplied password.

An attacker may leverage these issues to execute arbitrary shell and Konversation commands, potentially leading to denial of service attacks and system compromise.

- Exploitation

No exploit is required to leverage these issues. The following proofs of concept have been provided:

When an unsuspecting user joins a channel named #%n/quit%n and selects the Part Button, their client will quit.

When an unsuspecting user enters a channel named #`kwrite` and executes the /uptime command, the kwrite application will be activated.

- Solution

The vendor has released an advisory and an upgrade dealing with these issues. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200501-34 dealing with this issue. All Konversation users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-irc/konversation-0.15.1"

Please see the referenced Gentoo Linux advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:004) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Konversation IRC Client 0.15

- Related References