253545 – (CVE-2007-4400) CVE-2007-4400 konversation: Command injection in media script via crafted song tag

Bug 253545 (CVE-2007-4400) - CVE-2007-4400 konversation: Command injection in media script via crafted song tag

Summary: CVE-2007-4400 konversation: Command injection in media script via crafted son...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-4400
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	http://lists.grok.org.uk/pipermail/fu...
Whiteboard:
Depends On:	362911 362921 362931
Blocks:
TreeView+	depends on / blocked

Reported:	2007-08-20 15:02 UTC by Lubomir Kundrak
Modified:	2019-09-29 12:20 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-05-07 14:31:40 UTC
Embargoed:

Attachments	(Terms of Use)

Description Lubomir Kundrak 2007-08-20 15:02:02 UTC

Description of problem:

Media script (/usr/share/apps/konversation/scripts/media) that is distributed
with konversation package reportedly does not escape tags from media files
corrctly allowing command injection into IRC channel. See URL for details.

Comment 2 Lubomir Kundrak 2007-11-09 15:45:42 UTC

Dennis: so what about this? Could you please update vulnerable versions? I think
that the best way would be to just remove the script.

Comment 3 Fedora Update System 2008-02-27 13:03:19 UTC

konversation-1.0.1-4.fc8 has been submitted as an update for Fedora 8

Comment 4 Fedora Update System 2008-02-27 13:05:41 UTC

konversation-1.0.1-4.fc7 has been submitted as an update for Fedora 7

Comment 5 Fedora Update System 2008-02-28 21:38:55 UTC

konversation-1.0.1-4.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update konversation'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-2062

Comment 6 Fedora Update System 2008-04-09 05:15:32 UTC

konversation-1.0.1-4.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2008-04-09 05:21:27 UTC

konversation-1.0.1-4.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Eren Türkay 2008-04-09 13:36:24 UTC

There is no need to remove media script from konversation. I tried CR LF on
id3tag and it just wrote the text underlined.

I'm not sure this deletion is a true solution. Could anyone provide a
proof-of-concept for it?

Comment 9 Red Hat Product Security 2008-05-07 14:31:40 UTC

This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2122
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2062

Note You need to log in before you can comment on or make changes to this bug.