URL handling vulnerability; DMDirc 0.5.6 released

Posted by Chris Smith's avatar Chris Smith on May 22, 2008

A security vulnerability has been discovered in DMDirc. The implementation of URL handlers allow specially crafted URLs to execute arbitrary programs on the host system. Only custom URL handlers (those listed as “custom commands” in the ‘URL Handlers’ section of the preferences panel) are vulnerable, and the user has to click on a malicious URL in order for the vulnerability to be exploited. The DMDirc developers have only been successful in using the vulnerability to launch argument-less programs on Linux, but we cannot guarantee that other platforms are not affected.

We have backported the fix for the exploit to the DMDirc 0.5 tree, and DMDirc 0.5.6 has now been released. We highly recommend that anyone using DMDirc 0.5.5 upgrade to DMDirc 0.5.6. Nightly builds of DMDirc up to and including the build released on the 22nd of May (designated revision 4055) are also vulnerable. A nightly build containing the vulnerability fix will be available for download tonight, and we highly recommend that anyone using DMDirc nightly builds upgrade as soon as it is available.

DMDirc 0.5.6 may be downloaded directly using the following links: Windows installer, Linux installer, Jar file.

If you have any questions, please feel free to join us in #DMDirc on Quakenet (irc.quakenet.org), or leave a comment here.