From: Eridani Star System <linux@eridani.co.uk>
To: eridani-announce@eridani.co.uk
Subject: [Eridani-Announce] ERISA-2002:021 - xchat
Date: Wed, 5 Jun 2002 23:48:23 +0100 (BST)
=========================================================================
ERIDANI LINUX - SECURITY ANNOUNCEMENT
=========================================================================
Package: xchat
Summary: /dns does not check the response returned from the server
Date: 2002-06-05
ID: ERISA-2002:021
=========================================================================
Problem description:
Versions of the XChat IRC client prior to 1.8.9 do not check the
response returned by the server to a /dns request. Since XChat hands
off the lookup request to a shell, a malicious IRC server can return
a response that executes arbitrary commands on the local machine
with the privileges of the XChat user.
-------------------------------------------------------------------------
Updated packages:
656c082879c4993bf96570767bfc0083 xchat-1.8.9-1.src.rpm
2d24bfcec11e7508cce044647b2fc01b xchat-1.8.9-1.i386.rpm
-------------------------------------------------------------------------
References:
http://online.securityfocus.com/bid/4376/info/
=========================================================================
Packages available from ftp://ftp.eridani.co.uk/pub/Aeryn/
or by HTTP from http://ftp.eridani.co.uk/
Packages are signed with our GNU GPG key, also on our FTP site.
Users of releases of Eridani Linux prior to 6.3 are advised to download
the source RPM and rebuild for their system.
Copyright (C)2002 Eridani Star System
-- Michael "Soruk" McConnell http://www.eridani.co.uk
Eridani Linux -- The Most Up-to-Date Red Hat-based Linux CDROMs Available
Email: linux@eridani.co.uk -- Also Debian, Slackware, Mandrake and more...
_______________________________________________
Eridani-Announce mailing list
To be removed from this list email linux@eridani.co.uk requesting removal.
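
Added example, not part of the advisory and not XChat's code (the actual change in 1.8.9 is not shown on this page): one way to handle a server-supplied /dns target defensively is to accept only plain hostname syntax and to run the resolver without a shell. The function names and the `tool` parameter are assumptions made for illustration.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static int ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

/* 1 if s is a plain hostname or dotted IPv4 address: ASCII letters, digits,
 * '-' and '.', labels of 1-63 chars that neither start nor end with '-',
 * at most 253 chars in total. Anything else (shell syntax, spaces) is 0. */
int is_safe_hostname(const char *s)
{
    size_t len = strlen(s), label = 0;
    if (len == 0 || len > 253)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-')
                return 0;                /* empty label, or label ends in '-' */
            label = 0;
        } else if (!(ascii_alnum(c) || c == '-') ||
                   (c == '-' && label == 0) || ++label > 63) {
            return 0;                    /* bad char, option-like '-', too long */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Run `tool host` with no shell in between, so the value is a single argv
 * entry and never command text. `tool` is a hypothetical resolver command.
 * Returns its exit status, or -1 if the host was rejected or on error. */
int lookup_without_shell(const char *tool, const char *host)
{
    if (!is_safe_hostname(host))
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        execlp(tool, tool, host, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The validator deliberately rejects a trailing dot and IPv6 literals; widen it only if the client needs them.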