Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

KSirc: Denial of Service vulnerability — GLSA 200701-26

KSirc is vulnerable to a Denial of Service attack.

Affected packages

Package kde-base/ksirc on all architectures
Affected versions < 3.5.5-r1
Unaffected versions >= 3.5.5-r1

Background

KSirc is the default KDE IRC client.

Description

KSirc fails to check the size of an incoming PRIVMSG string sent from an IRC server during the connection process.

Impact

A malicious IRC server could send a long PRIVMSG string to the KSirc client causing an assertion failure and the dereferencing of a null pointer, resulting in a crash.

Workaround

There is no known workaround at this time.

Resolution

All KSirc users should upgrade to the latest version: 

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-base/ksirc-3.5.5-r1"

References

Release date
January 29, 2007

Latest revision
January 30, 2007: 01

Severity
normal

Exploitable
remote

Bugzilla entries