CVE-2007-4400

Publication date 18 August 2007

Last updated 24 July 2024

CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
konversation	9.04 jaunty	Fixed 1.0.1-4ubuntu1
	8.10 intrepid	Fixed 1.0.1-4ubuntu1
	8.04 LTS hardy	Fixed 1.0.1-4ubuntu1
	7.10 gutsy	Fixed 1.0.1-4ubuntu1
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

Notes

kees

requires a malicious MP3 get played while id3 display plugin is running

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
konversation	Vendor: http://svn.debian.org/wsvn/pkg-kde/kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff?op=file&rev=0&sc=0

CVE-2007-4400

Status

Notes

kees

Patch details

References

Other references