[KDE Security Advisory] ksirc Denial of Service vulnerability
- From: Dirk Mueller <mueller@xxxxxxx>
- Date: Tue, 9 Jan 2007 16:32:41 +0100
KDE Security Advisory: ksirc denial of service vulnerability
Original Release Date: 2007-01-09
1. Systems affected:
ksirc as shipped with KDE 3.5.5 or older. KDE 3.5.6 and
newer are not affected.
On 2006-12-27, a proof of concept for arbitrary code execution
in ksirc was published by Federico L. Bossi Bonin. The published
exploit triggers an assertion in ksirc and results in
a NULL pointer dereference (crash) for non-debug builds.
A malicious IRC server can crash the ksirc client. No arbitrary
code execution is possible through this vulnerability.
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
A patch for KDE 3.5.5 is available from