Vulnerability Development mailing list archives
Re: Possible hole in xchat
From: "Kajim Haderes" <nick () majik securityfocus com>
Date: Sun, 6 Jan 2002 15:22:45 -0600
But wait, this requires the user to /exec something, I fail to see any way to maliciously exploit this except via sending mystery executable over dcc and getting the user to try it from within xchat... or have I missed something? [I hope not] nick ----- Original Message ----- From: "oPr" <opr () bsdaemon be> To: "Korhan GURLER" <korhan () netkeyfi com> Cc: <SirExar () crazy-horse net>; <vuln-dev () securityfocus com> Sent: Sunday, January 06, 2002 18:49 Subject: Re: Possible hole in xchat
On Sun, 6 Jan 2002, Korhan GURLER wrote:On Tue, 1 Jan 2002 SirExar () crazy-horse net wrote: // Slackware 8.0 // // Xchat 1.8.5 Xchat 1.8.6 does seg faults in Slackware 8.0 too.But Xchat 1.8.6 does segfault on freebsd 4.4// // When you excute a command using exec -o in xchat, the command is
excuted
// and the output sent to the current window. // If you excute a command of a lengthy nature, such as 5000 characters
: )
// Xchat seg faults, this could lead to possible buffer overflow // problems, because the memory address is rewritten. I used perl -- Endless Loop: n., see Loop, Endless. Loop, Endless: n., see Endless Loop. -- Random Shack Data Processing Dictionary -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s:- a- C+++ UL++++ P+ L+++ E--- W- N o-- K- w O- M-- V- PS+ PE+ Y+ PGP t 5 X++++ R* tv+ b+++ DI D++ G e+ h! r-- y+ ------END GEEK CODE BLOCK------------------------------------------- [www.bsdaemon.be - The Daemon awakes] -------------------------------------
Current thread:
- Possible hole in xchat SirExar (Jan 01)
- Re: Possible hole in xchat Ron DuFresne (Jan 02)
- Re: Possible hole in xchat Korhan GURLER (Jan 06)
- Re: Possible hole in xchat oPr (Jan 06)
- Re: Possible hole in xchat oPr (Jan 06)
- Re: Possible hole in xchat Kajim Haderes (Jan 06)