Mandrake Linux Security Advisory : xchat (MDKSA-2002:006)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

zen-parse discovered a problem in versions 1.4.2 and 1.4.3 of xchat
that could allow a malicious user to take advantage of the CTCP PING
reply handler in xchat to send commands to the IRC server they are on.
This could be used for denial of service, channel takeovers, and other
similar attacks. The problem also exists in the 1.6 and 1.8 versions;
however, there it is controlled by the 'percascii' variable, which
defaults to 0. If 'percascii' is set to 1, the problem is exploitable.
This vulnerability has been fixed upstream in version 1.8.7.

Solution :

Update the affected xchat package.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13914 (mandrake_MDKSA-2002-006.nasl)

Bugtraq ID:

CVE ID:
