A vulnerability in the CTCP handling allows an attacker to trick Quassel IRC into sending arbitrary commands to the IRC server. Versions before 0.3.0.2 are affected.
9b09430bab211f1afa35ab4d949fc42f6cf12feeb69eb382a6f8cd73a189cb41Quassel IRC (http://quassel-irc.org/) is "a modern, cross-platform,
distributed IRC client".
A vulnerability in the CTCP handling allows an attacker to trick Quassel IRC
into sending arbitrary commands to the IRC server.
This can be used by an attacker for example to gain operator privileges on a
channel.
Details
=======
A CTCP ping where the value contains a CTCP quoted newline ('\020' + 'n') will
let the Quassel core reply with a message containing an unquoted newline
('\n'). The IRC server interprets this as a command separator.
Solution
========
This has been fixed in version 0.3.0.2, released Oct 27 2008.
Online version: http://wouter.coekaerts.be/site/security/quassel-ctcp
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed