Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 330111 - <net-irc/kvirc-4.1_pre4693: Remote command execution (CVE-2010-2785)
Summary: <net-irc/kvirc-4.1_pre4693: Remote command execution (CVE-2010-2785)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
URL: https://svn.kvirc.de/kvirc/ticket/858
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-07-27 21:02 UTC by Arfrever Frehtes Taifersar Arahesis (RETIRED)
Modified: 2014-02-21 15:40 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2010-07-27 21:02:02 UTC
<net-irc/kvirc-4.1_pre4693 allows for remote execution of KVirc commands.
Comment 1 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2010-07-27 21:03:15 UTC
Stabilize net-irc/kvirc-4.1_pre4696.
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-07-28 03:31:33 UTC
x86 stable
Comment 3 Markos Chandras (RETIRED) gentoo-dev 2010-07-29 14:04:26 UTC
amd64 done
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 13:37:24 UTC
glsa request filed.
Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-08-10 15:20:45 UTC
CVE-2010-2785 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2785):
  The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not
  properly handle \ (backslash) characters, which allows remote
  authenticated users to execute arbitrary CTCP commands via vectors
  involving \r and \40 sequences, a different vulnerability than
  CVE-2010-2451 and CVE-2010-2452.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-02-21 15:40:52 UTC
This issue was resolved and addressed in
 GLSA 201402-20 at http://security.gentoo.org/glsa/glsa-201402-20.xml
by GLSA coordinator Chris Reffett (creffett).