March 28, 2001

Updated licq packages available

Author: JT Smith

From LWN.net: licq is a very popular ICQ graphical client.
Previous versions have two vulnerabilities that could be exploited by
a remote attacker to execute arbitrary commands on the client host.
The first vulnerability is a buffer overflow in a log function.
The second vulnerability consists in the use of the system() function
to invoke an external browser when a URL is received. This function
will expand and interpret shell characters, and this could be used to
execute commands on behalf of the user running licq.

Category:

  • Linux