GLSA-200701-26 : KSirc: Denial of Service vulnerability
Medium Nessus Plugin ID 24311
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200701-26 (KSirc: Denial of Service vulnerability).
KSirc fails to check the size of an incoming PRIVMSG string sent from an IRC server during the connection process.
A malicious IRC server could send a long PRIVMSG string to the KSirc client causing an assertion failure and the dereferencing of a null pointer, resulting in a crash.
There is no known workaround at this time.
Solution
All KSirc users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=kde-base/ksirc-3.5.5-r1'