8.09.99 : KVIrc vulnerable
Today a frend of mine forwarded me a mail from the bugtraq
mailing list.
Seems that KVIrc 0.9.0 has a security hole:
a "malicious user" can cause KVIrc to dcc send him the
/etc/passwd file.
Obviously he can't do it without being seen/logged.
Anyway , if you are still using 0.9.0 you have three
solutions:
1. Disable the "Listen to !nick requests" in the "Sound" tab
of the Misc options dialog.
2. Upgrade to 1.0.0 beta1 or beta2.
3. Get the latest KVIrc sources by CVS.
25.10.99 : 0.9.0 -> 0.9.1
I have released a patched 0.9.0 version of kvirc for those
that still use qt1.44.
It is patched against the infamous sound related security hole
:)
The package version is 0.9.1.
Jump to the download page http://www.kvirc.org/download.html
to get it.
Sergio Korlowsky
