Bugtraq mailing list archives

Re: MDKSA-2000:039 - xchat update


From: Joey Hess <joey () KITENET NET>
Date: Fri, 25 Aug 2000 20:22:05 -0700

Package: xchat
Version: 1.4.2-1.1
Severity: important

Signal 11 wrote:
> Just to chime in here, for distributions who haven't released an
> update the source for 1.4.2 is available on the author's website here
> for the impatient: http://xchat.linuxpower.org/index.html
>
> I checked, and the latest stable release of debian is not vulnerable
> (See http://www.debian.org/Packages/stable/net/ )

Actually it is. The "netscape (existing)" and "netscape (new window)"
menu entries are safe, but other menu entries (I tried the one for lynx)
do expose the url to the shell.

By the way, a way to exploit this that's not too blatant, if you
don't mind just DOS-ing the victim, is something like
http://drugs.org/just/say/`yes` (warning, following said url in xchat
will eat all memory you are allowed to eat on your system, and thus
tends to crash poorly-configured Linux systems).

--
see shy jo
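
The difference between a handler that hands the URL to the shell and one that passes it as a single argument, as an added example that is not part of the original post and is not xchat's code. The function names and the sample URL are hypothetical, and `echo` stands in for the browser so the result can be observed offline.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample URL; the backticks are a harmless command substitution. */
static const char *SAMPLE_URL = "http://example.invalid/`echo INJECTED`";

/* Run argv[0] with argv and capture its stdout; returns exit status or -1. */
static int run_capture(char *const argv[], char *out, size_t n) {
    int fds[2], status = 0;
    size_t used = 0;
    ssize_t got;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                        /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv); _exit(127);
    }
    close(fds[1]);
    while (used < n - 1 && (got = read(fds[0], out + used, n - 1 - used)) > 0)
        used += (size_t)got;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Unsafe pattern: the URL is pasted into a string that /bin/sh parses. */
int open_url_shell(const char *url, char *out, size_t n) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "echo %s", url);  /* "echo" stands in for the browser */
    char *argv[] = { "sh", "-c", cmd, NULL };
    return run_capture(argv, out, n);
}

/* Safer pattern: no shell involved; the URL is exactly one argv element. */
int open_url_argv(const char *url, char *out, size_t n) {
    char *argv[] = { "echo", (char *)url, NULL };
    return run_capture(argv, out, n);
}

int main(void) {
    char a[256], b[256];
    open_url_shell(SAMPLE_URL, a, sizeof a);   /* backticks are executed */
    open_url_argv(SAMPLE_URL, b, sizeof b);    /* backticks stay literal */
    printf("via shell: %svia argv:  %s", a, b);
}
```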