Citat:
---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-06
---------------------------------------------------------------------------
GLSA: 200312-06
Package: net-irc/xchat
Summary: Malformed dcc send requests in xchat-2.0.6 lead to a denial of
service
Severity: medium
Gentoo bug: 35623
Date: 2003-12-14
CVE: none
Exploit: remote
Affected: =2.0.6
Fixed: >=2.0.6-r1
DESCRIPTION:
There is a remotely exploitable bug in xchat 2.0.6 that could lead to a denial
of service attack. This is caused by sending a malformed DCC packet to xchat
2.0.6, causing it to crash. Versions prior to 2.0.6 do not appear to be
affected by this bug.
For more information, please see:
http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html
SOLUTION:
For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most
architectures. Since it was never marked as stable in the portage tree, only
xchat users who have explictly added the unstable keyword to ACCEPT_KEYWORDS
are affected. Users may updated affected machines to the patched version of
xchat using the following commands:
emerge sync
emerge -pv '>=net-irc/xchat-2.0.6-r1'
emerge '>=net-irc/xchat-2.0.6-r1'
emerge clean
Citat:
xchat 2.0.6 crashes with mirc 6.0-6.11 DCC exploit
the machine on which xchat crashed
Linux 2.4.23
xchat 2.0.6
the machine who did the exploit
mirc 6.12
Windows XP
---
what happend:
i starded xchat 2.0.6 on my linux machine and, just for
fun, tried to exploit it via mirc.
if you are not familiar with that: mIRC 6.11 and ealier
6.x crashed on a malformated dcc request. 6.12 fixed that.
oh wonder! xchat closed!!!!
* Quits: <xchat_linux_nick>(who@cares) (Client exited)
(msg in my mirc)
downgraded to 2.0.5 and tried again
--- DCC RECV connect attempt to <mynick> failed
(err=Invalid argument).
this was reproduced on a FreeBSD machine with xchat 2.0.6
Internet ne cini ljude glupima. Internet cini ljudsku glupost dostupnijom (TM by me)
Webhost Hosting Services
Webhost Hosting Services