KVIrc DCC Request Directory Traversal and Format String Vulnerabilities
Release date: 2010-05-14
Last updated: 2010-06-29
Affected systems:
KVIrc KVIrc 3.4.2
KVIrc KVIrc 3.4.0
KVIrc KVIrc 3.2.5
KVIrc KVIrc 3.2
Description:
BUGTRAQ ID: 40746
CVE ID: CVE-2010-2451, CVE-2010-2452
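KVIrc is a free, portable IRC client based on the Qt GUI toolkit.
KVIrc has input validation errors in its handling of DCC requests. A remote attacker can overwrite local files through a directory traversal attack, or execute arbitrary code through a format string attack.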
<*Source: fabio (ctrlaltca@libero.it)
Links: http://secunia.com/advisories/32410/
http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html
http://www.debian.org/security/2010/dsa-2065
*>
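The two input-validation classes named in the description, shown from the receiving side as an added example (not KVIrc's code and not taken from the vendor patches). It assumes the remote-supplied field is the filename offered in a DCC request; the function names, notice text and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not KVIrc code): reduce a filename offered in a DCC
 * request to a bare name that can be created inside the download folder.
 * Returns 0 on success, -1 if the name must be rejected. */
int dcc_safe_filename(const char *offered, char *out, size_t outlen)
{
    const char *base = offered;
    size_t len;
    /* Keep only the last path component; both separators count. */
    for (const char *p = offered; *p; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;
    len = strlen(base);
    if (len == 0 || len >= outlen)
        return -1;                      /* empty or too long */
    if (strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return -1;                      /* names a directory, not a file */
    for (const char *p = base; *p; p++)
        if ((unsigned char)*p < 0x20 || *p == 0x7f)
            return -1;                  /* control characters */
    memcpy(out, base, len + 1);
    return 0;
}

/* Hypothetical helper: build the notice shown to the user. The format is a
 * constant; remote strings are passed only as arguments, so any % sequences
 * they contain are copied literally and never interpreted. */
int dcc_format_notice(char *buf, size_t buflen, const char *nick, const char *filename)
{
    return snprintf(buf, buflen, "DCC SEND from %s: %s", nick, filename);
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "notes.txt", "../../target.txt", "%s%s.txt", ".." };
    char name[256], line[512];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        if (dcc_safe_filename(samples[i], name, sizeof name) != 0) { puts("rejected"); continue; }
        dcc_format_notice(line, sizeof line, "peer", name);
        puts(line);
    }
    return 0;
}
```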
Recommendations:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-2065-1) and corresponding patches for this issue:
DSA-2065-1: kvirc: Multiple vulnerabilities
Link: http://www.debian.org/security/2010/dsa-2065
Patch downloads:
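Patch installation:
1. Installing the patch package manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Installing the patch package automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade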
KVIrc
-----
The vendor has released upgrade patches that fix this security issue. Download them from the vendor's site:
https://svn.kvirc.de/kvirc/changeset/4317
https://svn.kvirc.de/kvirc/changeset/4335
