[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

xchat 2.0.x Socks5 Vulnerability

To: xchat-announce@xxxxxxxxxxxx
Subject: xchat 2.0.x Socks5 Vulnerability
From: Peter Zelezny <zed@xxxxxxxxx>
Date: Mon, 5 Apr 2004 17:13:05 +1000
List-archive: <http://mail.nl.linux.org/xchat-announce/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <xchat-announce.nl.linux.org>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:xchat-announce@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:xchat-announce-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:xchat-announce-request@nl.linux.org?Subject=unsubscribe>
Reply-to: xchat-discuss@xxxxxxxxxxxx
Sender: xchat-announce-bounce@xxxxxxxxxxxx

Hi XChat users,

XChat's Socks-5 proxy code is vulnerable to a remote exploit. To
successfully exploit the code, you would need to enable socks5 
traversal (default off) and connect to the attacker's own custom
proxy server.

If you never intend to use a Socks5 proxy, you are not affected at
all by this issue.

Type of exploit:
~~~~~~~~~~~~~~~~
	Stack overflow caused by inadequate input validation. The
	attacker could take control of the User that ran the xchat
	process.


Versions affected:
~~~~~~~~~~~~~~~~~~
	From 1.8.0 to 2.0.8.


Work around:
~~~~~~~~~~~~
	Don't use socks 5 proxies.


Solution:
~~~~~~~~~
	Source code patch is available at:
		http://xchat.org/files/source/2.0/patches/
	The Fedora RPMs at www.xchat.org have been rebuilt with this
	patch applied.


Original source of code:
~~~~~~~~~~~~~~~~~~~~~~~~
	http://mail.nl.linux.org/xchat-discuss/2001-05/msg00116.html



Credit goes to tsifra for finding this bug.


-- 
Peter.

--
XChat-announce:  Xchat announcement list
Archive:         http://mail.nl.linux.org/xchat-announce/

Index(es):
- Date
- Thread