Re: Security hole in kicq
From: Graham Roff <graham () LICQ ORG>
Date: Mon, 26 Feb 2001 16:41:33 -0500
> I tried with version 1.0.0, it is vulnerable for sure.
> Other versions (such as 2.0.0b1) seem to be vulnerable as well,
> though I did not compile them to try.
> One little try shows that licq (http://licq.org) is vulnerable too however the
> complete url will be visible to the user.
I would argue that this is not a vulnerability at all, as the user must
look at the url and then click on "View Url". Just like email
attachments, it is up to the user to "not be an idiot". As a user of Licq
(or whatever client) I find it useful to be able to click on a button
instead of cutting/opening netscape/pasting. I always look at the url to
make sure it's sane.
In any event, as the author of Licq, I do not plan on removing this
functionality. However, urls are no longer viewed using system() but a
somewhat more secure call to execvp, passing the url as the first
Licq 1.0.3 will be out shortly with this and other bug fixes.
Graham Roff groff () engmail uwaterloo ca
University of Waterloo ICQ #2127503
Computer Engineering Canada
Nolites tes bastardes carborundorum