J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09

Title: KSirc IRC Client Remote PRIVMSG Denial of Service Vulnerability

Severity: MODERATE

Description:

KSirc is the default IRC client included with the KDE desktop environment.

KSirc is prone to a remote denial-of-service vulnerability.

The issue arises when the client handles excessive string data. Specifically, this issue is triggered when affected clients receive PRIVMSG messages containing excessively long content of approximately 2500 bytes. When the 'stdout_read()' method of the 'KSircIOController' class attempts to process this data, a NULL dereference will occur, ultimately crashing the affected application.

By exploiting this issue, a remote attacker may cause an affected client to crash.

KSirc 1.3.12 is vulnerable to this issue; other versions may also be affected.

The vendor states this issue cannot be exploited to execute arbitrary code. Successful exploits will, however, result in denial-of-service conditions in the client.

Affected Products:

  • Caldera OpenLinux 2.3.0
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux 8.0.0
  • Conectiva Linux 9.0.0
  • Conectiva Linux Enterprise Edition 1.0.0
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 IA-32
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • Debian Linux 3.1.0
  • Debian Linux 3.1.0 alpha
  • Debian Linux 3.1.0 amd64
  • Debian Linux 3.1.0 arm
  • Debian Linux 3.1.0 hppa
  • Debian Linux 3.1.0 ia-32
  • Debian Linux 3.1.0 ia-64
  • Debian Linux 3.1.0 m68k
  • Debian Linux 3.1.0 mips
  • Debian Linux 3.1.0 mipsel
  • Debian Linux 3.1.0 ppc
  • Debian Linux 3.1.0 s/390
  • Debian Linux 3.1.0 sparc
  • FreeBSD FreeBSD 4.7.0 -STABLE
  • Gentoo Linux 1.2.0
  • Gentoo Linux 1.4.0 _rc1
  • Gentoo kde-base/ksirc 3.5.5
  • KDE KDE 1.1.0
  • KDE KDE 1.1.1
  • KDE KDE 1.1.2
  • KDE KDE 1.2.0
  • KDE KDE 2.0.0
  • KDE KDE 2.0.0 BETA
  • KDE KDE 2.0.1
  • KDE KDE 2.1.0
  • KDE KDE 2.1.1
  • KDE KDE 2.1.2
  • KDE KDE 2.2.0
  • KDE KDE 2.2.1
  • KDE KDE 2.2.2
  • KDE KDE 3.0.0
  • KDE KDE 3.0.1
  • KDE KDE 3.0.2
  • KDE KDE 3.0.3
  • KDE KDE 3.0.3 a
  • KDE KDE 3.0.4
  • KDE KDE 3.0.5
  • KDE KDE 3.0.5 a
  • KDE KDE 3.0.5 b
  • KDE KDE 3.1.0
  • KDE KDE 3.1.1
  • KDE KDE 3.1.1 a
  • KDE KDE 3.1.2
  • KDE KDE 3.1.3
  • KDE KDE 3.1.4
  • KDE KDE 3.1.5
  • KDE KDE 3.2.0
  • KDE KDE 3.2.1
  • KDE KDE 3.2.2
  • KDE KDE 3.2.3
  • KDE KDE 3.3.0
  • KDE KDE 3.3.1
  • KDE KDE 3.3.2
  • KDE KDE 3.3.2
  • KDE KDE 3.4.0
  • KDE KDE 3.4.0
  • KDE KDE 3.4.1
  • KDE KDE 3.4.2
  • KDE KDE 3.4.3
  • KDE KDE 3.5.0
  • KDE KDE 3.5.1
  • KDE KDE 3.5.2
  • KDE KDE 3.5.3
  • KDE KDE 3.5.4
  • KDE KDE 3.5.5
  • KDE KSirc 1.3.12
  • MandrakeSoft Corporate Server 3.0.0
  • MandrakeSoft Corporate Server 3.0.0 x86_64
  • MandrakeSoft Linux Mandrake 2007.0
  • MandrakeSoft Linux Mandrake 2007.0 x86_64
  • MandrakeSoft Linux Mandrake 7.0.0
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.1.0 ia64
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 8.2.0 ppc
  • MandrakeSoft Linux Mandrake 9.0.0
  • RedHat Advanced Workstation for the Itanium Processor 2.1.0
  • RedHat Desktop 3.0.0
  • RedHat Enterprise Linux AS 2.1
  • RedHat Enterprise Linux AS 2.1 IA64
  • RedHat Enterprise Linux AS 3
  • RedHat Enterprise Linux ES 2.1
  • RedHat Enterprise Linux ES 2.1 IA64
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux WS 2.1
  • RedHat Enterprise Linux WS 2.1 IA64
  • RedHat Enterprise Linux WS 3
  • RedHat Fedora Core2
  • RedHat Fedora Core3
  • RedHat Fedora Core4
  • RedHat Linux 7.1.0 i386
  • RedHat Linux 7.2.0 i386
  • RedHat Linux 7.2.0 ia64
  • RedHat Linux 7.3.0 i386
  • RedHat Linux 8.0.0 i386
  • RedHat Linux 9.0.0 i386
  • RedHat Linux Advanced Work Station 2.1.0
  • S.u.S.E. Linux 8.1.0
  • S.u.S.E. Linux Personal 8.2.0
  • Sun Linux 5.0.5
  • Sun Linux 5.0.6
  • Sun Linux 5.0.7
  • Turbolinux FUJI
  • Ubuntu Ubuntu Linux 5.10.0 amd64
  • Ubuntu Ubuntu Linux 5.10.0 i386
  • Ubuntu Ubuntu Linux 5.10.0 powerpc
  • Ubuntu Ubuntu Linux 5.10.0 sparc
  • Ubuntu Ubuntu Linux 6.06 LTS amd64
  • Ubuntu Ubuntu Linux 6.06 LTS i386
  • Ubuntu Ubuntu Linux 6.06 LTS powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS sparc
  • Ubuntu Ubuntu Linux 6.10 amd64
  • Ubuntu Ubuntu Linux 6.10 i386
  • Ubuntu Ubuntu Linux 6.10 powerpc
  • Ubuntu Ubuntu Linux 6.10 sparc
  • rPath rPath Linux 1

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.