Launchpad.net

CVE 2013-6404

Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.

Related bugs and status

CVE-2013-6404 (Candidate) is related to these bugs:

Bug #1255362: Clients may be able to access buffers belonging to other users

		In	Importance	Status
1255362	Clients may be able to access buffers belonging to other users	quassel (Ubuntu)	High	Fix Released
1255362	Clients may be able to access buffers belonging to other users	quassel (Ubuntu Lucid)	High	Won't Fix
1255362	Clients may be able to access buffers belonging to other users	quassel (Ubuntu Precise)	High	Fix Released
1255362	Clients may be able to access buffers belonging to other users	quassel (Ubuntu Raring)	High	Won't Fix
1255362	Clients may be able to access buffers belonging to other users	quassel (Ubuntu Saucy)	High	Fix Released
1255362	Clients may be able to access buffers belonging to other users	quassel (Ubuntu Trusty)	High	Fix Released
1255362	Clients may be able to access buffers belonging to other users	quassel (Ubuntu Quantal)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-6404

Related bugs and status

Related bugs

References