https://bugzilla.novell.com/show_bug.cgi?id=716902 https://bugzilla.novell.com/show_bug.cgi?id=716902#c0 Summary: Quassel: < 0.7.3 CTCP request core DoS Classification: openSUSE Product: openSUSE 12.1 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: kde-maintainers@suse.de ReportedBy: lnussel@suse.com QAContact: qa@suse.de CC: security-team@suse.de Found By: Other Blocker: --- Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public. ------------------------------------------------------------------------------ Date: Thu, 08 Sep 2011 22:14:25 +0200 From: Alex Legler <a3li@gentoo.org> Subject: [oss-security] CVE request: Quassel < 0.7.3 CTCP request core DoS Hi, please assign a CVE for the following issue: CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not process certain CTCP requests correctly, allowing a remote attacker connected to the same IRC network as the victim to cause a Denial of Service condition by sending specially crafted CTCP requests. This was demonstrated in various exploits on freenode today. Gentoo tracks the issue in [1], upstream fix is [2]. Thanks, Alex [1] https://bugs.gentoo.org/show_bug.cgi?id=382313 [2] http://git.quassel- irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b -- Alex Legler <a3li@gentoo.org> Gentoo Security / Ruby -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.