LICQ Hostile URL Command Execution Vulnerability

Solution:
From Stan Bubrouski <stan@ccs.neu.edu>:

diff -ur licq.1/src/log.cpp licq/src/log.cpp
--- licq.1/src/log.cpp Mon Jun 5 20:50:03 2000
+++ licq/src/log.cpp Sun Feb 25 15:14:16 2001
@@ -202,7 +202,8 @@
if (m_xLogWindow == NULL) return;

unsigned n = sprintf(szMsgMax, "%s", _szPrefix);
- vsprintf(&szMsgMax[n], _szFormat, argp);
+ vsnprintf(&szMsgMax[n], (MAX_MSG_SIZE - n - 1), _szFormat, argp);
+ szMsgMax[MAX_MSG_SIZE - 1] = '\0';
m_xLogWindow->AddLog(strdup(szMsgMax), _nLogType);
}

I'd like to recommend anyone using Licq as well as any Linux/Unix vendors distributing Licq to upgrade to version 1.0.3 when it becomes available or apply the above patch immediately.


LICQ LICQ 0.85

LICQ LICQ 1.0.1

LICQ LICQ 1.0.2


 

Privacy Statement
Copyright 2010, SecurityFocus