[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] xchat vlunerabilities
- To: linux-security
- Subject: [linux-security] xchat vlunerabilities
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 17 Jan 2002 18:02:33 -0800
- User-Agent: Mutt/1.2.5.1i
Topic
=====
A vulnerability in the XChat IRC client that allows an
attacker to take over the users IRC session.
Problem Description
===================
xchat is a popular IRC client. xchat contains a bug in the CTCP PING
handling code which can be exploited to execute IRC commands on the
IRC server as the vulnerable user. This can be used for example by
an attacker to /op or /deop, to /kick someone out of a channel, to
force the vulnerable user out of the channel with a /part, to change
channel modes via the /mode command, or to impersonate a user via
private /msg commands.
Affected Systems
================
All previous versions of xchat are vulnerable, however only the 1.4.*
versions are vulnerable by default. With later versions (1.6.*, 1.8.*),
xchat is not vulnerable unless the user has enabled the client side
"percascii" variable with the command "/set percascii 1".
Workaround
==========
uninstall xchat: rpm -e xchat
(why did you install it in the first place ;-)
Solution
========
RedHat 6.x
----------
rpm -Fvh xchat-1.8.7-1.62.0.i386.rpm
RedHat 7.0
----------
rpm -Fvh xchat-1.8.7-1.71.0.i386.rpm
RedHat 7.1
----------
rpm -Fvh xchat-1.8.7-1.71.0.i386.rpm
RedHat 7.2
----------
rpm -Fvh xchat-1.8.7-1.72.0.i386.rpm
Debian 2.2 (potato)
-------------------
upgrade to: xchat_1.4.3-1_i386.deb
xchat-gnome_1.4.3-1_i386.deb
xchat-text_1.4.3-1_i386.deb