Re: Possible hole in xchat

["Kajim Haderes" <nick () majik securityfocus com>]

But wait, this requires the user to /exec something, I fail to see any way
to maliciously exploit this except via sending mystery executable over dcc
and getting the user to try it from within xchat...
or have I missed something? [I hope not]
nick
----- Original Message -----
From: "oPr" <opr () bsdaemon be>
To: "Korhan GURLER" <korhan () netkeyfi com>
Cc: <SirExar () crazy-horse net>; <vuln-dev () securityfocus com>
Sent: Sunday, January 06, 2002 18:49
Subject: Re: Possible hole in xchat


> On Sun, 6 Jan 2002, Korhan GURLER wrote:
>
> > On Tue, 1 Jan 2002 SirExar () crazy-horse net wrote:
> >
> > // Slackware 8.0
> > //
> > // Xchat 1.8.5
> >
> > Xchat 1.8.6  does seg faults in Slackware 8.0 too.
>
> But Xchat 1.8.6 does segfault on freebsd 4.4
>
> > //
> > // When you excute a command using exec -o in xchat, the command is
excuted
> > // and the output sent to the current window.
> > // If you excute a command of a lengthy nature, such as 5000 characters
: )
> > //  Xchat seg faults, this could lead to possible buffer overflow
> > // problems, because the memory address is rewritten. I used perl
> >
> > --
> >
> > Endless Loop: n., see Loop, Endless.
> > Loop, Endless: n., see Endless Loop.
> >                 -- Random Shack Data Processing Dictionary
> >
> > -----BEGIN GEEK CODE BLOCK-----
> > Version: 3.12
> > GCS d- s:- a- C+++ UL++++ P+ L+++ E--- W- N o-- K- w
> > O- M-- V- PS+ PE+ Y+ PGP t 5 X++++ R* tv+ b+++ DI D++
> > G e+ h! r-- y+
> > ------END GEEK CODE BLOCK------
>
> -------------------------------------
> [www.bsdaemon.be - The Daemon awakes]
> -------------------------------------