Konversation expansion execute code
| konversation-expansion-execute-code (19025) |  High Risk |
Description:
Konversation could allow a remote attacker to execute arbitrary code. The Server::parseWildcards function, used for Quick Buttons to expand '%' variables, could be used to embed variables within '%' variables. Quick Buttons are disabled by default. A remote attacker in control of a malicious server could exploit this vulnerability using the '%' expansion mechanism to execute simple commands.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of Konversation (0.15.1 or later), available from the Konversation Web site. See References.
For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2005-01-34 for patch, upgrade, or suggested workaround information. See References.
References:
- BugTraq Mailing List, Wed Jan 19 2005 - 10:39:46 CST : Multiple vulnerabilities in Konversation.
- Konversation Web site: Konversation.
- Securiteam Exploits 1.23.2005: Multiple Vulnerabilities in Konversation (Exploit).
- BID-12312: Konversation IRC Client Multiple Remote Vulnerabilities
- CVE-2005-0129: The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing % variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.
- GLSA-200501-34: Konversation: Various vulnerabilities
- SA13919: Konversation Shell Command Injection Vulnerabilities
- SECTRACK ID: 1012972: KDE Konversation Bugs May Allow a Remote User to Cause Command Execution on a Target User`s System
Platforms Affected:
- Gentoo Linux
- KDE KDE
- Konversation Konversation 0.15 and prior
Reported:
Jan 21, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net