Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.
[GLSA-200501-34] Konversation: Various vulnerabilities

Detailed Explanation for this Vulnerability Assessment

The remote host is affected by the vulnerability described in GLSA-200501-34 (Konversation: Various vulnerabilities).

Wouter Coekaerts has discovered three vulnerabilities within Konversation:

- The Server::parseWildcards function, which is used by the "Quick Buttons", does not properly handle variable expansion (CVE-2005-0129).
- Perl scripts included with Konversation do not properly escape shell metacharacters (CVE-2005-0130).
- The 'Nick' and 'Password' fields in the Quick Connect dialog can be easily confused (CVE-2005-0131).

Impact

A malicious server could create specially-crafted channels, which would exploit certain flaws in Konversation, potentially leading to the execution of shell commands. A user could also unintentionally input their password into the 'Nick' field in the Quick Connect dialog, exposing their password to IRC users and log files.

Workaround

There is no known workaround at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0131
http://www.kde.org/info/security/advisory-20050121-1.txt

Solution:

All Konversation users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-irc/konversation-0.15.1"

Network Security Threat Level: Medium
Networks Security ID:
Vulnerability Assessment Copyright: (C) 2005 Michel Arboi