[KDE Security Advisory] ksirc Denial of Service vulnerability
Jan 09 2007 03:32PM
Dirk Mueller (mueller kde org)
KDE Security Advisory: ksirc denial of service vulnerability
Original Release Date: 2007-01-09
1. Systems affected:
ksirc as shipped with KDE 3.5.5 or older. KDE 3.5.6 and
newer are not affected.
On 2006-12-27, a proof of concept for arbitrary code execution
in ksirc was published by Federico L. Bossi Bonin. The published
exploit triggers an assertion in ksirc and results in
a NULL pointer dereference (crash) for non-debug builds.
A malicious IRC server can crash the ksirc client. No arbitrary
code execution is possible by this vulnerability.
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
A patch for KDE 3.5.5 is available from
Copyright 2010, SecurityFocus