WeeChat IRC Message Remote Denial of Service Vulnerability

Release date: 2009-03-17
Updated: 2009-03-19

Affected systems:
Flashtux WeeChat 0.2.6.0
Unaffected systems:
Flashtux WeeChat 0.2.6.1
Description:
BUGTRAQ ID: 34148
CVE(CAN) ID: CVE-2009-0661

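WeeChat (Wee Enhanced Environment for Chat) is a fast, lightweight IRC chat client.

The WeeChat IRC client does not correctly validate IRC messages that contain certain color codes. If a remote attacker sends a specially crafted PRIVMSG command, the client reads out of bounds from its internal color array and may crash.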
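
The class of defect described above, a number parsed from a message being used to index a fixed-size color array, is closed by a range check before the lookup. The following C sketch is an added example, not WeeChat's code or the vendor patch; the table contents, `lookup_color`, `first_fg_color` and the sample messages are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>

#define NUM_COLORS 16     /* entries in the illustrative table */
#define DEFAULT_COLOR 39  /* ANSI "default foreground" */

/* Illustrative mapping from IRC color numbers 0..15 to ANSI codes. */
static const int color_table[NUM_COLORS] = {
    97, 30, 34, 32, 91, 31, 35, 33, 93, 92, 36, 96, 94, 95, 90, 37
};

/* Read up to two decimal digits at *p; return -1 if there are none. */
static int read_color_number(const char **p)
{
    int n = -1;
    for (int i = 0; i < 2 && isdigit((unsigned char)**p); i++, (*p)++)
        n = (n < 0 ? 0 : n * 10) + (**p - '0');
    return n;
}

/* A number parsed from the network indexes the table only when it
 * lies in [0, NUM_COLORS); anything else gets the default color. */
int lookup_color(int n)
{
    if (n < 0 || n >= NUM_COLORS)
        return DEFAULT_COLOR;
    return color_table[n];
}

/* Foreground color of the first ^C (0x03) color code in msg,
 * or -1 when the message carries no color code. */
int first_fg_color(const char *msg)
{
    for (const char *p = msg; *p; p++) {
        if (*p != '\x03')
            continue;
        p++;                                /* skip the ^C byte */
        return lookup_color(read_color_number(&p));
    }
    return -1;
}

int main(void)
{
    /* Constructed sample messages: in range, out of range, no code. */
    printf("%d\n", first_fg_color("\003" "4red"));
    printf("%d\n", first_fg_color("\003" "99text"));
    printf("%d\n", first_fg_color("plain"));
    return 0;
}
```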

<*Source: Sebastien Helleu (flashcode@flashtux.org)
  
  Links: http://secunia.com/advisories/34304/
         http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940
         http://www.debian.org/security/2009/dsa-1744
*>

Recommendation:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1744-1) and corresponding patches for this issue:
DSA-1744-1: New weechat packages fix denial of service
Link: http://www.debian.org/security/2009/dsa-1744

Patch downloads:

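Patch installation:

1. Install the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update
  
   Then install the updated packages with the following command:
   # apt-get upgrade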

Flashtux
--------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:

http://weechat.flashtux.org/

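This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.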