This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
XChat 1.3.9 and later allow users to right-click on a URL appearing in
an IRC discussion and select the 'Open in Browser' option. To open the
URL in a browser, XChat passes the command to /bin/sh. This allows a
malicious URL the ability to execute arbitrary shell commands as the
user that is running XChat. This update changes the functionality of
XChat to bypass the shell and execute the browser directly. Thanks go
to Red Hat for providing the patch.
XChat 1.2.1 is vulnerable as well, so an update for 7.0 is now
Update the affected xchat package.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now