Rapid7 Vulnerability & Exploit Database

RHSA-2002:005: Updated xchat packages are available

Back to Search

RHSA-2002:005: Updated xchat packages are available

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
06/25/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Versions of xchat prior to version 1.8.7 contain a vulnerability which allows an attacker to cause a vulnerable client to execute arbitrary IRC server commands as if the vulnerable user had typed them. This security erratum updates xchat to version 1.8.7, which is not vulnerable to this attack.

xchat is a popular IRC client. Recently xchat has been found to contain a bug in the CTCP PING handling code which can be exploited to execute IRC commands on the IRC server as the vulnerable user. This can be used for example by an attacker to /op or /deop, to /kick someone out of a channel, to force the vulnerable user out of the channel with a /part, to change channel modes via the /mode command, or to impersonate a user via private /msg commands. This bug does not appear to allow an attacker to execute commands on the vulnerable computer, just to force IRC server commands to be run as if the vulnerable user had typed them. All previous versions of xchat are vulnerable, however only the 1.4.* versions are vulnerable by default. With later versions (1.6.*, 1.8.*), xchat is not vulnerable unless the user has enabled the client side "percascii" variable with the command "/set percascii 1". This security erratum updates xchat to version 1.8.7, for Red Hat Linux 6.2, 7.0, 7.1, 7.2, which is not vulnerable to this attack. All xchat users should update to this release. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0006 to this issue. Thanks to zen-parse for discovering and reporting this problem, and also to Marcus Meissner at Caldera for providing a working sample exploit with which to easily test for affected versions.

Solution(s)

  • redhat-upgrade-xchat

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;