[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] xchat vlunerabilities

To: linux-security
Subject: [linux-security] xchat vlunerabilities
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 17 Jan 2002 18:02:33 -0800
User-Agent: Mutt/1.2.5.1i

Topic
=====
A vulnerability in the XChat IRC client that allows an
attacker to take over the users IRC session.

Problem Description
===================
xchat is a popular IRC client. xchat contains a bug in the CTCP PING
handling code which can be exploited to execute IRC commands on the
IRC server as the vulnerable user.  This can be used for example by
an attacker to /op or /deop, to /kick someone out of a channel, to
force the vulnerable user out of the channel with a /part, to change
channel modes via the /mode command, or to impersonate a user via
private /msg commands.

Affected Systems
================
All previous versions of xchat are vulnerable, however only the 1.4.*
versions are vulnerable by default.  With later versions (1.6.*, 1.8.*),
xchat is not vulnerable unless the user has enabled the client side
"percascii" variable with the command "/set percascii 1".

Workaround
==========
uninstall xchat: rpm -e xchat
(why did you install it in the first place ;-)

Solution
========
RedHat 6.x
----------
rpm -Fvh xchat-1.8.7-1.62.0.i386.rpm

RedHat 7.0
----------
rpm -Fvh xchat-1.8.7-1.71.0.i386.rpm

RedHat 7.1
----------
rpm -Fvh xchat-1.8.7-1.71.0.i386.rpm

RedHat 7.2
----------
rpm -Fvh xchat-1.8.7-1.72.0.i386.rpm

Debian 2.2 (potato)
-------------------
upgrade to: xchat_1.4.3-1_i386.deb
            xchat-gnome_1.4.3-1_i386.deb
            xchat-text_1.4.3-1_i386.deb

Prev by Date: Re: [linux-security] glibc glob bug (Debian)
Next by Date: [linux-security] local root exploit in at
Prev by thread: [linux-security] local root exploit in at
Next by thread: [linux-security] groff vulnerability
Index(es):
- Date
- Thread