CenterICQ: Multiple vulnerabilities
Gentoo Linux Security Advisory
||GLSA 200512-11 / CenterICQ
||December 20, 2005
||December 20, 2005: 01
All supported architectures
CenterICQ is vulnerable to a Denial of Service issue, and also potentially
to the execution of arbitrary code through an included vulnerable ktools
CenterICQ is a text-based instant messaging interface that
supports multiple protocols. It includes the ktools library, which
provides text-mode user interface controls.
Gentoo developer Wernfried Haas discovered that when the "Enable
peer-to-peer communications" option is enabled, CenterICQ opens a port
that insufficiently validates whatever is sent to it. Furthermore,
Zone-H Research reported a buffer overflow in the ktools library.
A remote attacker could cause a crash of CenterICQ by sending
packets to the peer-to-peer communications port, and potentially cause
the execution of arbitrary code by enticing a CenterICQ user to edit
overly long contact details.
There is no known workaround at this time.
All CenterICQ users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/centericq-4.21.0-r2"