Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: GLSA: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service

GLSA: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service

From: Kurt Lieber <klieber_at_gentoo.org>
Date: Sun, 14 Dec 2003 15:46:10 -0500

---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-06
---------------------------------------------------------------------------

GLSA: 200312-06
Package: net-irc/xchat
Summary: Malformed dcc send requests in xchat-2.0.6 lead to a denial of
             service
Severity: medium
Gentoo bug: 35623
Date: 2003-12-14
CVE: none
Exploit: remote
Affected: =2.0.6
Fixed: >=2.0.6-r1

DESCRIPTION:

There is a remotely exploitable bug in xchat 2.0.6 that could lead to a denial
of service attack. This is caused by sending a malformed DCC packet to xchat
2.0.6, causing it to crash. Versions prior to 2.0.6 do not appear to be
affected by this bug.

For more information, please see:

http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html

SOLUTION:

For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most
architectures. Since it was never marked as stable in the portage tree, only
xchat users who have explictly added the unstable keyword to ACCEPT_KEYWORDS
are affected. Users may updated affected machines to the patched version of
xchat using the following commands:

emerge sync
emerge -pv '>=net-irc/xchat-2.0.6-r1'
emerge '>=net-irc/xchat-2.0.6-r1'
emerge clean

  • application/pgp-signature attachment: stored
Received on Dec 15 2003
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]