Mandrake Linux Security Advisory : xchat (MDKSA-2002:051)
High Nessus Plugin ID 13954
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionIn versions of the xchat IRC client prior to version 1.8.9, xchat does not filter the response from an IRC server when a /dns query is executed. xchat resolves hostnames by passing the configured resolver and hostname to a shell, so an IRC server may return a malicious response formatted so that arbitrary commands are executed with the privilege of the user running xchat.
SolutionUpdate the affected xchat package.