Mandrake Linux Security Advisory : xchat (MDKSA-2000:039-1)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

XChat 1.3.9 and later allow users to right-click on a URL appearing in
an IRC discussion and select the 'Open in Browser' option. To open the
URL in a browser, XChat passes the command to /bin/sh. This allows a
malicious URL to execute arbitrary shell commands as the user that is
running XChat. This update changes the functionality of
XChat to bypass the shell and execute the browser directly. Thanks go
to Red Hat for providing the patch.
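
The two behaviours described above, side by side, as an added example
that is not code from XChat or from the Red Hat patch. Assumptions: `echo`
stands in for the browser, and the function name open_url and the sample
URL are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed sample: ';' is data to a browser but syntax to /bin/sh. */
static const char *SAMPLE_URL = "http://example.test/a;echo INJECTED";

/* Run `handler url` and capture its stdout in out. Returns the exit code,
 * or -1 on error. via_shell=1 is the pre-update pattern, 0 the updated one. */
static int open_url(const char *handler, const char *url, int via_shell,
                    char *out, size_t n)
{
    char cmd[1024];
    int fd[2], status = 0;
    size_t len = 0; ssize_t r;
    if (n == 0 || pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        if (via_shell) {
            /* URL is pasted into a command line that sh then parses. */
            snprintf(cmd, sizeof cmd, "%s %s", handler, url);
            execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        } else {
            /* URL is exactly one argv element; nothing parses it. */
            execlp(handler, handler, url, (char *)NULL);
        }
        _exit(127);                       /* exec failed */
    }
    close(fd[1]);
    while (len < n - 1 && (r = read(fd[0], out + len, n - 1 - len)) > 0)
        len += (size_t)r;
    out[len] = '\0';
    close(fd[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char buf[256];
    open_url("echo", SAMPLE_URL, 1, buf, sizeof buf);
    printf("via /bin/sh: %s", buf);   /* two lines: the shell split the URL */
    open_url("echo", SAMPLE_URL, 0, buf, sizeof buf);
    printf("direct exec: %s", buf);   /* one line: URL delivered intact */
}
```

Through /bin/sh the text after ';' runs as a second command; with the
direct exec the handler receives the whole URL as a single argument.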

Update :

XChat 1.2.1 is vulnerable as well, so an update for 7.0 is now
available.

Solution :

Update the affected xchat package.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61832

Bugtraq ID:

CVE ID:
