Bugtraq mailing list archives
Re: XChat URL Handler bug affects v1.3.9 up
From: chrome <chrome () ELLTEL NET>
Date: Sun, 20 Aug 2000 19:10:43 -0700
Verfified bug exists on [x]chat 1.5.5. Later, c.t. | chromium tensility ; chrome () elltel net ; another linux guru in training | | kthulhu & co. went to yuggoth, and all i got was this lousy sig ; fn0rd | On Fri, 18 Aug 2000, zenith parsec wrote:
in my previous post i mentioned that all versions of XChat < 1.4.2 were potentially vulnerable to commands embedded in URLs by backticking. after some more research and looking at stuff on the net, (http://www.xchat.org/changelog.txt) it seems that this bug will only affect XChat versions 1.3.9 and above, up to and including 1.4.2 (the devel series may also be vulnerable, as there is no mention on the changelog page of this bug.) (release 1.3.9 was the first to have editable URL handlers, which seem to be the cause.) (version 1.2.1 of xchat does not appear to be vulnerable.)
Current thread:
- XChat URL Handler bug affects v1.3.9 up zenith parsec (Aug 18)
- Re: XChat URL Handler bug affects v1.3.9 up chrome (Aug 21)