Vulnerability Development mailing list archives
Re: Possible hole in xchat
From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 1 Jan 2002 21:45:24 -0600 (CST)
As per the bitchx discussion, probably not, unless the /exec -o function can be interjected remotely by outsiders, else it would be at best a self exploit situation. Now, if this /exec -o function can be amassed via tty's or pty's by another user on the system, or some other remote vector, then there is an issue.

Thanks,
Ron DuFresne

On Tue, 1 Jan 2002 SirExar () crazy-horse net wrote:

Slackware 8.0
Xchat 1.8.5

When you execute a command using exec -o in xchat, the command is executed and the output sent to the current window. If you execute a command of a lengthy nature, such as 5000 characters : ) Xchat seg faults, this could lead to possible buffer overflow problems, because the memory address is rewritten.

I used perl -e 'print "A" x 5000' to cause the fault

(/exec -o perl -e 'print "A" x 5000')

which should produce an EIP of 0x41414141. (Hex A)

GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-slackware-linux"...
(gdb) r
Starting program: /usr/bin/xchat
[New Thread 1024 (LWP 14486)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 14486)]
0x80993b0 in handle_command (
    cmd=0x41414141 <Address 0x41414141 out of bounds>, sess=0x41414141,
    history=1094795585, nocommand=1094795585) at outbound.c:3390
3390    outbound.c: No such file or directory.
(gdb)

I'm not sure if it's exploitable or even a problem but I thought it was worth a try.

-exar
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
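An added example, not part of either message and not xchat's code: the thread does not show where in xchat the 5000-character output is copied, so this sketch only illustrates the defensive pattern for relaying a child process's output through a fixed-size buffer, splitting over-long lines instead of copying them whole. The names relay_output, count_sink and PIECE_SIZE, and the 512-byte size, are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PIECE_SIZE 512  /* assumed per-message buffer size, not xchat's value */

struct relay_stats { size_t pieces, longest, total; };

/* Sample sink: records what a display routine would receive. */
static void count_sink(const char *piece, void *ctx)
{
    struct relay_stats *st = ctx;
    size_t n = strlen(piece);
    st->pieces++;
    st->total += n;
    if (n > st->longest) st->longest = n;
}

/* Relay child-process output to sink line by line. A line longer than the
   buffer is split into several pieces instead of being copied whole. */
static size_t relay_output(const char *out, size_t len,
                           void (*sink)(const char *, void *), void *ctx)
{
    char buf[PIECE_SIZE];
    size_t off = 0, pieces = 0;

    while (off < len) {
        const char *nl = memchr(out + off, '\n', len - off);
        size_t line_len = nl ? (size_t)(nl - (out + off)) : len - off;
        size_t done = 0;
        do {
            size_t n = line_len - done;
            if (n > sizeof buf - 1) n = sizeof buf - 1;   /* the bound */
            memcpy(buf, out + off + done, n);
            buf[n] = '\0';
            sink(buf, ctx);
            pieces++;
            done += n;
        } while (done < line_len);
        off += line_len + (nl ? 1 : 0);
    }
    return pieces;
}

int main(void)
{
    char big[5000];                       /* constructed input: 5000 x 'A' */
    struct relay_stats st = {0, 0, 0};
    memset(big, 'A', sizeof big);
    printf("%zu pieces, ", relay_output(big, sizeof big, count_sink, &st));
    printf("longest %zu, total %zu\n", st.longest, st.total);
    return 0;
}
```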
Current thread:
- Possible hole in xchat SirExar (Jan 01)
- Re: Possible hole in xchat Ron DuFresne (Jan 02)
- Re: Possible hole in xchat Korhan GURLER (Jan 06)
- Re: Possible hole in xchat oPr (Jan 06)
- Re: Possible hole in xchat oPr (Jan 06)
- Re: Possible hole in xchat Kajim Haderes (Jan 06)