An error in CTCP handling has been discovered in the Quassel IRC client that allows attackers to send IRC messages as you.
All Quassel users are encouraged to update their client immediately.
This has been fixed in the quassel-0.3.0.3 release and also in Git and the nightly builds. Gentoo and *buntu already ship the new version, with more distributions hopefully following ASAP. If you still use a 0.2-rc1 core, please consider updating to 0.3.x as soon as possible. Note that we provide unstable, but fixed packages for Debian now, thanks to dileX.
Note that this affects (only) the core, so you’ll need to update and restart your core. Clients are not affected. Also, this exploit can not be used to affect anything on your system, including your local account, as it is purely IRC related.
Filed Under: IRC News