CVE-2009-0661 - Improper Input Validation vulnerability in Flashtux Weechat 0.2.6

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, flashtux, CWE-20, nessus

Summary

Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.

Vulnerable Configurations

Part         Description  Count
Application  Flashtux     1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1744.NASL
    description: Sebastien Helleu discovered that an error in the handling of color codes in the weechat IRC client could cause an out-of-bounds read of an internal color array. This can be used by an attacker to crash user clients via a crafted PRIVMSG command. The weechat version in the oldstable distribution (etch) is not affected by this problem.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35958
    published: 2009-03-19
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35958
    title: Debian DSA-1744-1 : weechat - missing input sanitization
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1744. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35958);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2009-0661");
      script_bugtraq_id(34148);
      script_xref(name:"DSA", value:"1744");
    
      script_name(english:"Debian DSA-1744-1 : weechat - missing input sanitization");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sebastien Helleu discovered that an error in the handling of color
    codes in the weechat IRC client could cause an out-of-bounds read of
    an internal color array. This can be used by an attacker to crash user
    clients via a crafted PRIVMSG command.
    
    The weechat version in the oldstable distribution (etch) is not
    affected by this problem."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2009/dsa-1744"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the weechat packages.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 0.2.6-1+lenny1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:weechat");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"weechat", reference:"0.2.6-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"weechat-common", reference:"0.2.6-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"weechat-curses", reference:"0.2.6-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"weechat-plugins", reference:"0.2.6-1+lenny1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-2861.NASL
    description:
      - Thu Mar 19 2009 Paul P. Komkoff Jr <i at stingr.net> - 0.2.6.1-1
        - fix bz#490709
      - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.6-7
        - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
      - Sun Nov 30 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm at gmail.com> - 0.2.6-6
        - Rebuild for Python 2.6
      - Sun Sep 21 2008 Ville Skytta <ville.skytta at iki.fi> - 0.2.6-5
        - Fix Patch0:/%patch mismatch.
      - Fri Jun 27 2008 Paul P. Komkoff Jr <i at stingr.net> - 0.2.6-4
        - rebuild because of ssl/tls deps
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35981
    published: 2009-03-22
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35981
    title: Fedora 9 : weechat-0.2.6.1-1.fc9 (2009-2861)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-2861.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35981);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      script_cve_id("CVE-2009-0661");
      script_bugtraq_id(34148);
      script_xref(name:"FEDORA", value:"2009-2861");
    
      script_name(english:"Fedora 9 : weechat-0.2.6.1-1.fc9 (2009-2861)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Thu Mar 19 2009 Paul P. Komkoff Jr <i at stingr.net> -
        0.2.6.1-1
    
        - fix bz#490709
    
        - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at
          lists.fedoraproject.org> - 0.2.6-7
    
        - Rebuilt for
          https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
    
        - Sun Nov 30 2008 Ignacio Vazquez-Abrams
          <ivazqueznet+rpm at gmail.com> - 0.2.6-6
    
        - Rebuild for Python 2.6
    
        - Sun Sep 21 2008 Ville Skytta <ville.skytta at iki.fi>
          - 0.2.6-5
    
        - Fix Patch0:/%patch mismatch.
    
        - Fri Jun 27 2008 Paul P. Komkoff Jr <i at stingr.net> -
          0.2.6-4
    
        - rebuild because of ssl/tls deps
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=490709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021543.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4af7801c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected weechat package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:weechat");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC9", reference:"weechat-0.2.6.1-1.fc9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "weechat");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-2859.NASL
    description:
      - Thu Mar 19 2009 Paul P. Komkoff Jr <i at stingr.net> - 0.2.6.1-1
        - fix bz#490709
      - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.6-7
        - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
      - Sun Nov 30 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm at gmail.com> - 0.2.6-6
        - Rebuild for Python 2.6
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36233
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36233
    title: Fedora 10 : weechat-0.2.6.1-1.fc10 (2009-2859)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-2859.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36233);
      script_version ("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      script_cve_id("CVE-2009-0661");
      script_xref(name:"FEDORA", value:"2009-2859");
    
      script_name(english:"Fedora 10 : weechat-0.2.6.1-1.fc10 (2009-2859)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Thu Mar 19 2009 Paul P. Komkoff Jr <i at stingr.net> -
        0.2.6.1-1
    
        - fix bz#490709
    
        - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at
          lists.fedoraproject.org> - 0.2.6-7
    
        - Rebuilt for
          https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
    
        - Sun Nov 30 2008 Ignacio Vazquez-Abrams
          <ivazqueznet+rpm at gmail.com> - 0.2.6-6
    
        - Rebuild for Python 2.6
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=490709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-March/021556.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?88d291e3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected weechat package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:weechat");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC10", reference:"weechat-0.2.6.1-1.fc10")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "weechat");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200904-04.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200904-04 (WeeChat: Denial of Service). Sebastien Helleu reported an array out-of-bounds error in the colored message handling. Impact: A remote attacker could send a specially crafted PRIVMSG command, possibly leading to a Denial of Service (application crash). Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36092
    published: 2009-04-07
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36092
    title: GLSA-200904-04 : WeeChat: Denial of Service
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200904-04.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36092);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2009-0661");
      script_bugtraq_id(34148);
      script_xref(name:"GLSA", value:"200904-04");
    
      script_name(english:"GLSA-200904-04 : WeeChat: Denial of Service");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200904-04
    (WeeChat: Denial of Service)
    
        Sebastien Helleu reported an array out-of-bounds error in the colored
        message handling.
      
    Impact :
    
        A remote attacker could send a specially crafted PRIVMSG command,
        possibly leading to a Denial of Service (application crash).
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200904-04"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All WeeChat users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-irc/weechat-0.2.6.1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:weechat");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-irc/weechat", unaffected:make_list("ge 0.2.6.1"), vulnerable:make_list("lt 0.2.6.1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "WeeChat");
    }
    

Seebug

bulletinFamily: exploit
description:
  BUGTRAQ ID: 34148
  CVE(CAN) ID: CVE-2009-0661

  WeeChat (Wee Enhanced Environment for Chat) is an efficient, lightweight IRC chat client. The WeeChat IRC client does not correctly validate IRC messages that contain certain color codes. If a remote attacker sends a specially crafted PRIVMSG command, this causes an out-of-bounds read of the internal color array, and the client may crash.

  Flashtux WeeChat 0.2.6.0

  Vendor patches:

  Debian
  ------
  Debian has released a security advisory (DSA-1744-1) and corresponding patches for this issue:
  DSA-1744-1: New weechat packages fix denial of service
  Link: http://www.debian.org/security/2009/dsa-1744

  Patch installation:

  1. Installing the patch packages manually:
     First, download the patch with the following command:
     # wget url (url is the patch download link)
     Then install the patch with the following command:
     # dpkg -i file.deb (file is the name of the corresponding patch)

  2. Installing the patch packages automatically with apt-get:
     First, update the internal database with the following command:
     # apt-get update
     Then install the updated packages with the following command:
     # apt-get upgrade

  Flashtux
  --------
  The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:
  http://weechat.flashtux.org/
id: SSV:4940
last seen: 2017-11-19
modified: 2009-03-23
published: 2009-03-23
reporter: Root
title: WeeChat IRC message remote denial-of-service vulnerability