Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Quassel IRC: connection hijacking
From: Wouter Coekaerts <wouter () coekaerts be>
Date: Wed, 29 Oct 2008 00:26:57 +0100
Quassel IRC (http://quassel-irc.org/) is "a modern, cross-platform, 
distributed IRC client".
A vulnerability in the CTCP handling allows an attacker to trick Quassel IRC 
into sending arbitrary commands to the IRC server.
This can be used by an attacker for example to gain operator privileges on a 
channel.

Details
=======
A CTCP ping where the value contains a CTCP quoted newline ('\020' + 'n') will 
let the Quassel core reply with a message containing an unquoted newline 
('\n'). The IRC server interprets this as a command separator.

Solution
========
This has been fixed in version 0.3.0.2, released Oct 27 2008.

Online version: http://wouter.coekaerts.be/site/security/quassel-ctcp

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]