Secunia: Brian Fonfara has discovered a vulnerability in CenterIM, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the improper handling of URLs received via a chat message. This can be exploited to execute arbitrary commands on a vulnerable system by tricking the user into opening a specially crafted URL containing shell escape characters. http://milw0rm.com/exploits/5283
This is not a bug. URLs are handled correctly and most likely the "exploit writer" is using either xfce terminal, or internet explorer on solaris :)
thanks for the tip, closing as invalid.
Sorry; I was wrong. It is triggered by pressing F2. I was not aware of the functionality. Please reopen.
Patch here: http://repo.or.cz/w/centerim.git?a=blobdiff_plain;f=src/icqconf.cc;fp=src/icqconf.cc;hb=b28c6deaef58eb685a2d747b28b6a572122730d4;hpb=ad6ad53ebf791f97cb7337dc79ab2ce8ccb1246f
Sven, please see this for a discussion of the patch and Lubomir's correct patch: http://thread.gmane.org/gmane.comp.security.oss.general/151/focus=169
(In reply to comment #5)
> Lubomir's correct patch:

That was oddly worded, I meant "other" patch. No offense, Lubomir :-)

And in addition:
<lkundrak> btw, if you're using my centerim patch, you might want not to remove the browser setting like I did, but leave it in place, and spawn the user-configured browser instead of xdg-open
OK, there's now centerim-4.22.3-r1 in the tree. Mostly the patch from Lubomir, but we use the configured browser instead of xdg-open.
Arches, please test and mark stable:
=net-im/centerim-4.22.3-r1
Target keywords : "amd64 release x86"
amd64/x86 stable (last arches)
Fixed in release snapshot.
GLSA vote. Since the victim will usually see the url with the attacker's command, I tend to vote no.
See comment #11 and closing.
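Added example, not part of the bug thread and not the patch linked above: one way to spawn a user-configured browser so that shell metacharacters in a received URL are never interpreted, by passing the URL as a single argv element instead of splicing it into a shell command line. The helper names `is_openable_url` and `open_url`, the scheme allow-list, and the use of `echo` as a stand-in browser are assumptions made for illustration.

```cpp
#include <cstdio>
#include <string>
#include <sys/wait.h>
#include <unistd.h>

// Accept only http(s) URLs without whitespace or control bytes, so the value
// can never be read by the browser as a command-line option such as "-x".
bool is_openable_url(const std::string &url) {
    if (url.compare(0, 7, "http://") != 0 && url.compare(0, 8, "https://") != 0)
        return false;
    for (unsigned char c : url)
        if (c < 0x21 || c == 0x7f) return false;
    return true;
}

// Hypothetical helper: start `browser` with `url` as a single argv element.
// Returns the child's exit status, or -1 if the URL is rejected or the launch
// fails. The child's stdout is captured into `out` only so the behaviour can
// be checked; a real client would leave stdout alone.
int open_url(const std::string &browser, const std::string &url, std::string &out) {
    out.clear();
    int fds[2];
    if (!is_openable_url(url) || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       // child: no shell, no string splicing
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execlp(browser.c_str(), browser.c_str(), url.c_str(), (char *)nullptr);
        _exit(127);                       // exec failed
    }
    close(fds[1]);
    char buf[256];
    ssize_t n;
    while ((n = read(fds[0], buf, sizeof buf)) > 0)
        out.append(buf, static_cast<size_t>(n));
    close(fds[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main() {
    std::string out;
    // Constructed sample URL; "echo" stands in for the configured browser.
    int rc = open_url("echo", "http://example.invalid/?a=1;b&c|d", out);
    std::printf("rc=%d out=%s", rc, out.c_str());
    return rc;
}
```

With `echo` as the stand-in browser, the captured output is the URL byte for byte, which shows that `;`, `&` and `|` reached the child as data.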