[12033] in bugtraq
Re: Kvirc bug
daemon@ATHENA.MIT.EDU (Szymon Stefanek)
Tue Sep 28 15:08:59 1999
Message-Id: <19990928002019.7478.qmail@securityfocus.com>
Date: Tue, 28 Sep 1999 00:20:19 -0000
Reply-To: Szymon Stefanek <stefanek@TIN.IT>
From: Szymon Stefanek <stefanek@TIN.IT>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990924225947.B3424@hell.darkness.org>
On Fri Sep 24 1999 Rodolfo Garcma Peqas wrote:
//Hi,
//
//The irc client Kvirc has this bug:
//
//<kix> !foo ../../../../../../../etc/passwd
//[...]
Yes...it is a "real" bug of the 0.9.0 version of KVIrc.
Anyway, it is not so easy to download someone's /etc/passwd.
First he must have the "Listen to !nick <soundname>
requests" option enabled (it is disabled by default).
Second , the "offending" user must know where is located
the kvirc "local directory" on the victim's machine to be
able to place the right path to /etc/passwd.
Only version 0.9.0 of KVIrc is vulnerable to this attack.
It will be removed from the KVIrc ftp archive as soon as
possible.
If you are still using KVIrc 0.9.0 you have the following
solutions:
1. Disable the "Listen to !nick <soundname> requests."
option in the "Sound" tab of the Misc options dialog.
(Or better , do not enable it)
2. Get the latest KVIrc sources from http://www.kvirc.org
(The latest public release is beta2) or from the anonymous
cvs (see http://www.kvirc.org/cvs.html).
Szymon Stefanek
Author of KVIrc
