Nom du paquet
xchat
Date
2002-08-14
Advisory ID
MDKSA-2002:051
Affected versions
8.1 i586 , CS1.0 i586 , 8.1 i586 , 8.0 i586 , 8.2 i586 , 8.0 i586 , 8.2 i586 , 7.1 i586 , 7.2 i586

Problem description

In versions of the xchat IRC client prior to version 1.8.9, xchat does not filter the response from an IRC server when a /dns query is executed. xchat resolves hostnames by passing the configured resolver and hostname to a shell, so an IRC server may return a malicious response formatted so that arbitrary commands are executed with the privilege of the user running xchat.

Updated packages

8.1 i586

 3b153d74852081b8c2716795da8221fb  ia64/8.1/RPMS/xchat-1.8.9-1.1mdk.ia64.rpm
8e90f10583d899d8fcec3add917cff9e  ia64/8.1/SRPMS/xchat-1.8.9-1.1mdk.src.rpm

CS1.0 i586

 d6d49335adada894c1aa3fa939d8b9f3  1.0.1/RPMS/xchat-1.8.9-1.2mdk.i586.rpm
6d05bf91dcf5e713c80733c0266707c7  1.0.1/SRPMS/xchat-1.8.9-1.2mdk.src.rpm

8.1 i586

 b15fc620fccbb433f2342a5697878d46  8.1/RPMS/xchat-1.8.9-1.1mdk.i586.rpm
8e90f10583d899d8fcec3add917cff9e  8.1/SRPMS/xchat-1.8.9-1.1mdk.src.rpm

8.0 i586

 9c5820900faa143354b912a3934f4238  8.0/RPMS/xchat-1.8.9-1.1mdk.i586.rpm
8e90f10583d899d8fcec3add917cff9e  8.0/SRPMS/xchat-1.8.9-1.1mdk.src.rpm

8.2 i586

 07acd74eb2ba9e6e993c080f3f62d1db  8.2/RPMS/xchat-1.8.9-1.1mdk.i586.rpm
8e90f10583d899d8fcec3add917cff9e  8.2/SRPMS/xchat-1.8.9-1.1mdk.src.rpm

8.0 i586

 4fbdf3b5273608a2c8f29d76c1f99b22  ppc/8.0/RPMS/xchat-1.8.9-1.1mdk.ppc.rpm
8e90f10583d899d8fcec3add917cff9e  ppc/8.0/SRPMS/xchat-1.8.9-1.1mdk.src.rpm

8.2 i586

 949876f355b3f0330e9d0a15a8da9c22  ppc/8.2/RPMS/xchat-1.8.9-1.1mdk.ppc.rpm
8e90f10583d899d8fcec3add917cff9e  ppc/8.2/SRPMS/xchat-1.8.9-1.1mdk.src.rpm

7.1 i586

 d6d49335adada894c1aa3fa939d8b9f3  7.1/RPMS/xchat-1.8.9-1.2mdk.i586.rpm
6d05bf91dcf5e713c80733c0266707c7  7.1/SRPMS/xchat-1.8.9-1.2mdk.src.rpm

7.2 i586

 c95dd6649268bed1dbc11841edfcbef1  7.2/RPMS/xchat-1.8.9-1.2mdk.i586.rpm
6d05bf91dcf5e713c80733c0266707c7  7.2/SRPMS/xchat-1.8.9-1.2mdk.src.rpm

References