Versions of xchat prior to version 1.8.7 contain a vulnerability
which allows an attacker to cause a vulnerable client to execute
arbitrary IRC server commands as if the vulnerable user had typed
them.
This security erratum updates xchat to version 1.8.7, which is
not vulnerable to this attack.
xchat is a popular IRC client. Recently xchat has been found to
contain a bug in its CTCP PING handling code which can be exploited
to make the client send IRC commands to the IRC server as the
vulnerable user. This can be used for example by an attacker
to /op or /deop, to /kick someone out of a channel, to force the
vulnerable user out of the channel with a /part, to change
channel modes via the /mode command, or to impersonate a user
via private /msg commands.
This bug does not appear to allow an attacker to execute commands
on the vulnerable computer, just to force IRC server commands to
be run as if the vulnerable user had typed them.
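The mechanics behind the description above, as an added illustration that is not xchat's code: an incoming CTCP PING is answered by echoing its argument back to the sender, and if the echoed text can carry a line break, the server reads everything after the break as a second command from the victim. A literal newline cannot arrive inside one IRC message, since the server would already have split the line; the client-side escape translation is what turns an attacker-supplied escape into a real newline. The "%ddd" decoder, the function names and the attacker payload are assumptions made for the example, not a reproduction of xchat's escape syntax or handlers.

```python
import re

CTCP = "\x01"  # CTCP requests and replies are wrapped in 0x01 delimiters

# Assumed stand-in for the client-side "percascii" translation the advisory
# refers to: "%ddd" (three decimal digits) becomes the character with that
# code. xchat's exact escape syntax is not reproduced here.
_PERC_ASCII = re.compile(r"%(\d{3})")


def decode_percascii(text: str) -> str:
    return _PERC_ASCII.sub(lambda m: chr(int(m.group(1)) % 256), text)


def ping_reply_vulnerable(sender: str, ping_arg: str, percascii: bool) -> str:
    """Illustrative vulnerable behaviour: the PING argument is echoed back to
    the sender. With the escape translation on, network-supplied text passes
    through it too, and nothing checks for CR/LF before the reply hits the wire."""
    if percascii:
        ping_arg = decode_percascii(ping_arg)
    return f"NOTICE {sender} :{CTCP}PING {ping_arg}{CTCP}\r\n"


def ping_reply_fixed(sender: str, ping_arg: str, percascii: bool) -> str:
    """Hardened form: escape translation is only for text the user types, never
    for text that arrived from the network (the flag is deliberately ignored),
    and line terminators are stripped so one reply is always exactly one line."""
    ping_arg = ping_arg.replace("\r", "").replace("\n", "")
    return f"NOTICE {sender} :{CTCP}PING {ping_arg}{CTCP}\r\n"


def commands_as_seen_by_server(wire: str) -> list:
    """The server parses its input one line at a time (RFC 1459 terminates a
    message with CRLF; most servers also accept a bare LF). Return the command
    verb of every non-empty line the client's output decomposes into."""
    lines = [ln for ln in re.split(r"\r\n|\n|\r", wire) if ln.strip()]
    return [ln.split(" ", 1)[0] for ln in lines]


# Constructed attacker input: a CTCP PING whose argument hides an encoded
# newline followed by a PART command, so the victim leaves the channel.
ATTACKER = "mallory"
PAYLOAD = "1234%010PART #channel :bye"


def demo(percascii: bool):
    """Return the verbs the server sees from a vulnerable and from a fixed client."""
    vuln = commands_as_seen_by_server(ping_reply_vulnerable(ATTACKER, PAYLOAD, percascii))
    fixed = commands_as_seen_by_server(ping_reply_fixed(ATTACKER, PAYLOAD, percascii))
    return vuln, fixed


if __name__ == "__main__":
    for setting in (False, True):
        v, f = demo(setting)
        print(f"percascii={int(setting)}: vulnerable client emits {v}, fixed client emits {f}")
```

With the translation off, both clients emit a single NOTICE; with it on, the vulnerable client's reply splits into a NOTICE followed by a PART that the server attributes to the victim. The fix has two independent parts, and both matter: not applying input-side escape handling to text that came off the network, and refusing to let CR or LF reach the outbound line at all.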
All previous versions of xchat contain the bug; however, only the 1.4.*
versions are vulnerable in their default configuration. Later versions
(1.6.*, 1.8.*) are not vulnerable unless the user has enabled the
client-side "percascii" variable with the command "/set percascii 1".
This security erratum updates xchat to version 1.8.7, which is not
vulnerable to this attack, for Red Hat Linux 6.2, 7.0, 7.1 and 7.2. All
xchat users should update to this release.
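A small triage helper, added here and not part of the erratum, that encodes the affected-version matrix above: anything at or past 1.8.7 is fixed, a 1.6.* or 1.8.* build below that carries the bug but is only attackable once percascii is set to 1, and every other older build (including 1.4.*) is attackable as shipped. It accepts a plain version or an "rpm -q xchat" style name-version-release string; the function names and the classification labels are this example's own.

```python
import re

FIXED = (1, 8, 7)  # first release the erratum describes as not vulnerable

# Matches "1.8.7" or "xchat-1.8.7-1.72.0" (the latter is what rpm -q prints).
_NVR = re.compile(r"^(?:xchat-)?(\d+)\.(\d+)\.(\d+)(?:-.*)?$")


def parse_xchat_version(nvr: str) -> tuple:
    """Return (major, minor, patch) from a version or name-version-release string."""
    m = _NVR.match(nvr.strip())
    if not m:
        raise ValueError(f"unrecognised xchat version string: {nvr!r}")
    return tuple(int(x) for x in m.groups())


def exposure(nvr: str, percascii_enabled: bool) -> str:
    """Classify an installed xchat per the erratum:
    'fixed'   - 1.8.7 or later
    'latent'  - older 1.6.*/1.8.* build: has the bug, attackable only with percascii=1
    'exposed' - any other build below 1.8.7, or a latent build with percascii=1
    """
    v = parse_xchat_version(nvr)
    if v >= FIXED:
        return "fixed"
    if v[:2] in ((1, 6), (1, 8)) and not percascii_enabled:
        return "latent"
    return "exposed"


if __name__ == "__main__":
    # Constructed sample inputs; on a real host feed in `rpm -q xchat` output.
    for sample, perc in (("xchat-1.8.7-1.72.0", False), ("xchat-1.8.6-1", False),
                         ("xchat-1.8.6-1", True), ("1.4.3", False)):
        print(f"{sample:22} percascii={int(perc)} -> {exposure(sample, perc)}")
```

A "latent" result is still a reason to update: the bug is present and a single /set command turns it into an exposure.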
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0006 to this issue.
Thanks to zen-parse for discovering and reporting this problem, and
also to Marcus Meissner at Caldera for providing a working sample
exploit with which to easily test for affected versions.
Updated packages (every file below is listed as outdated by RHSA-2002:097):

Red Hat Linux 6.2
  SRPMS   xchat-1.8.7-1.62.0.src.rpm     md5: ac50d03c3107cb7c57823330abb7bcf3
  Alpha   xchat-1.8.7-1.62.0.alpha.rpm   md5: 33c2a42aac216fe2d5cc1703d62916c3
  IA-32   xchat-1.8.7-1.62.0.i386.rpm    md5: e2730124e349c81d884b9f6b9f10a844
  Sparc   xchat-1.8.7-1.62.0.sparc.rpm   md5: dee6de9b586d5d480e3fb79095071c81

Red Hat Linux 7.0
  SRPMS   xchat-1.8.7-1.70.0.src.rpm     md5: 8abf9f7305c6ef0bb2fd271cd5a658c7
  Alpha   xchat-1.8.7-1.70.0.alpha.rpm   md5: e6f6e39866ea16e685e40d0aefea8d3a
  IA-32   xchat-1.8.7-1.70.0.i386.rpm    md5: f86ff922b3983fcc466c809026d2e46f

Red Hat Linux 7.1
  SRPMS   xchat-1.8.7-1.71.0.src.rpm     md5: 097d9021c9a71802e6500e8b517afab4
  Alpha   xchat-1.8.7-1.71.0.alpha.rpm   md5: 561f00afdd626a0bff8adc0f0eae62a6
  IA-32   xchat-1.8.7-1.71.0.i386.rpm    md5: a7623f3a3962701985ffdaca0398edc5
  IA-64   xchat-1.8.7-1.71.0.ia64.rpm    md5: 6e6c9835b80644a8e720a7947dcc4af2

Red Hat Linux 7.2
  SRPMS   xchat-1.8.7-1.72.0.src.rpm     md5: 742b12acb62b256309223076098b8169
  IA-32   xchat-1.8.7-1.72.0.i386.rpm    md5: 749cc3d90b7e7a8446b444446855b672
  IA-64   xchat-1.8.7-1.72.0.ia64.rpm    md5: 1beaae5afb495e11aa532bb7f76faa47