The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

It was discovered that Konversation, an IRC client for KDE, could by crashed when receiving malformed messages using FiSH encryption.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

KDE and QT were updated to fix security issues and bugs.

The following vulerabilities were fixed :

  - CVE-2014-0190: Malformed GIF files could have crashed QT     based applications

  - CVE-2015-0295: Malformed BMP files could have crashed QT     based applications

  - CVE-2014-8600: Multiple cross-site scripting (XSS)     vulnerabilities in the KDE runtime could have allowed     remote attackers to insert arbitrary web script or HTML     via crafted URIs using one of several supported URL     schemes

  - CVE-2014-8483: A missing size check in the Blowfish ECB     could have lead to a crash of Konversation or 11 byte     information leak

  - CVE-2014-3494: The KMail POP3 kioslave accepted invalid     certifiates and allowed a man-in-the-middle (MITM)     attack

Additionally, Konversation was updated to 1.5.1 to fix bugs.

Konversation 1.5.1 is a maintenance release containing only bug fixes.
The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support.

See also: https://konversation.kde.org/

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

konversation was updated to version 1.5.1, fixing bugs and one security issue.

Changes :

  - Konversation 1.5.1 is a maintenance release containing     only bug fixes. The included changes address several     minor behavioral defects and a low-risk DoS security     defect in the Blowfish ECB support. The KDE Platform     version dependency has increased to v4.9.0 to gain     access to newer Qt socket transport security flags.

  - Fixed a bug causing wildcards in command alias     replacement patterns not to be expanded.

  - Fixed a bug causing auto-joining of channels not     starting in # or & to sometimes fail because the     auto-join command was generated before we got the     CHANTYPES pronouncement by the server.

  - Added a size sanity check for incoming Blowfish ECB     blocks. The blind assumption of incoming blocks being     the expected 12 bytes could lead to a crash or up to 11     byte information leak due to an out-of-bounds read.
    CVE-2014-8483.

  - Enabling SSL/TLS support for connections will now     advertise the protocols Qt considers secure by default,     instead of being hardcoded to TLSv1.

  - Fixed the bundled 'sysinfo' script not coping with empty     lines in /etc/os-release.

  - Made disk space info in the bundled 'sysinfo' script     more robust by forcing the C locale for 'df'.

  - Added an audio player type hint for Cantata to the     bundled 'media' script.

  - Fixed some minor comparison logic errors turned up by     static analysis.

  - Konversation now depends on KDE Platform v4.9.0 or     higher.

Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

quassel was updated to fix an out-of-bound read (CVE-2014-8483).

It was discovered that Konversation, an IRC client for KDE, could be crashed when receiving malformed messages using FiSH encryption.

Konversation developers report :

Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user.

An out-of-bounds read vulnerability was discovered in Quassel-core, one of the components of the distributed IRC client Quassel. An attacker can send a crafted message that crash to component causing a denial of services or disclosure of information from process memory.

ID	Name	Product	Family	Severity
82152	Debian DLA-168-1 : konversation security update	Nessus	Debian Local Security Checks	medium
82014	openSUSE Security Update : kdebase4-runtime / kdelibs4 / konversation / etc (openSUSE-2015-251)	Nessus	SuSE Local Security Checks	medium
79257	Fedora 20 : konversation-1.5.1-1.fc20 (2014-13791)	Nessus	Fedora Local Security Checks	medium
79256	Fedora 19 : konversation-1.5.1-1.fc19 (2014-13702)	Nessus	Fedora Local Security Checks	medium
79226	openSUSE Security Update : konversation (openSUSE-SU-2014:1406-1)	Nessus	SuSE Local Security Checks	medium
79193	Fedora 21 : konversation-1.5.1-1.fc21 (2014-13837)	Nessus	Fedora Local Security Checks	medium
79121	Ubuntu 12.04 LTS : konversation vulnerability (USN-2401-1)	Nessus	Ubuntu Local Security Checks	medium
79104	openSUSE Security Update : quassel (openSUSE-SU-2014:1382-1)	Nessus	SuSE Local Security Checks	medium
79064	Debian DSA-3068-1 : konversation - security update	Nessus	Debian Local Security Checks	medium
78878	FreeBSD : Konversation -- out-of-bounds read on a heap-allocated array (0167f5ad-64ea-11e4-98c1-00269ee29e57)	Nessus	FreeBSD Local Security Checks	medium
78834	Debian DSA-3063-1 : quassel - security update	Nessus	Debian Local Security Checks	medium

Detections

Analytics

CVE-2014-8483

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium