IRC-Junkie.org – IRC News

All current versions of the KVIrc IRC client contain a remotely exploitable command execution vulnerability, including builds of KVIrc 4 from subversion up to revision 4692 as well as the older 3.x versions.

The bug, triggered by inserting carriage returns (r) into DCC GET commands, can be used to execute every command the IRCd understands in the context of the user running the vulnerable client instance.

To check if your version is exploitable you can either take a look at the “About KVIrc” tab under “Help” and check the revision or execute the following command on IRC:

The KVIrc project just announced the final version in the new stable branch of their IRC client, KVIrc 4.0.0 “Insomnia”.

2 months after the latest release candidate and more than 500 bugfixes from the bugtracker alone this new version now depends on Qt4 of which the developers say is “a great framework to base KVIrc on, far better than Qt3″.

Noteable changes from the last stable, KVIrc 3.4.2, are added support for server extensions such as CAPs, SASL, STARTTLS and services packages. DCC support has been enhanced with UPnP which automatically opens ports in routers so you don’t need to worry about proper port-forwarding anymore.

HelLViS69 of the KVIrc project just announced that release candidate 3 of their IRC client in the 4.0 branch is available for testing.

The changelog sounds pretty interesting and the client seems to have gotten lots of new features and more than 200 bugs have been fixed since RC1.

In the announcement, developer HelLViS69 lists the new features in this build, such as an “automagical wizard to create theme packages, the new class editor (no more classes in aliases!), the smart nick coloring which permits to select your favourite fore/background color”.

But how about something revolutionary? Developer CtrlAltCa has something in store for us:

The KVIrc team has issued an update of their IRC client although it’s technically still at RC2.

The update is recommended for all users of the freenode IRC network that experience problems with “Excess Flood” disconnects from the network, mostly due to autojoining a large number of channels where the client automatically issues a series of commands (/WHO, gets channelmodes and lists of bans as well as ban and invite exemptions) – neither of those events have been rate-limited in the past.

Just a few minutes ago, HelLViS69 has released RC2 of the IRC-client KVIrc.

He writes that they “are proud to release the next release candidate. This release contains a huge amount of bugfixes, a cleaner and readable code, some new features including the new ISO standards for file sizes and datetimes format and a new automagical wizard to create addons.”

For now, there is only the possibility to checkout your copy from their SVN repository but he writes that “snapshots for the different OSes/arches will follow in the next days.”