Author: JT Smith
From LWN.net: licq is a very popular ICQ graphical client.
Previous versions have two vulnerabilities that could be exploited by
a remote attacker to execute arbitrary commands on the client host.
The first vulnerability is a buffer overflow in a log function.
The second vulnerability consists in the use of the system() function
to invoke an external browser when an URL is received. This function
will expand and interpret shell characters and this could be used to
execute commands on behalf of the user running licq.
Previous versions have two vulnerabilities that could be exploited by
a remote attacker to execute arbitrary commands on the client host.
The first vulnerability is a buffer overflow in a log function.
The second vulnerability consists in the use of the system() function
to invoke an external browser when an URL is received. This function
will expand and interpret shell characters and this could be used to
execute commands on behalf of the user running licq.
Category:
- Linux
