Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Mandrake Local Security Checks >> MDKSA-2002:006: xchat


Vulnerability Assessment Details

MDKSA-2002:006: xchat

Vulnerability Assessment Summary
Check for the version of the xchat package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory MDKSA-2002:006 (xchat).


zen-parse discovered a problem in versions 1.4.2 and 1.4.3 of xchat that could
permit a malicious user to send commands to the IRC server they are on which
would take advantage of the CTCP PING reply handler in xchat. This could be used
for denial of service, channel takeovers, and other similar attacks. The problem
exists in 1.6 and 1.8 versions, however it is controlled by the 'percascii'
variable which defaults to 0. It 'percascii' is set to 1, the problem is
exploitable. This vulnerability has been fixed upstream in version 1.8.7.


Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:006
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security

Cables, Connectors

Lenovo - 330-17IKB 17.3" Laptop w/ MS Office and QuickBooks
$450.0
Lenovo - 330-17IKB 17.3Lenovo T61 C2D T7300 @ 2.0 GHz 1GB NO HDD/NO CHARGER 7661-12U
$39.0
Lenovo T61 C2D T7300 @ 2.0 GHz 1GB NO HDD/NO CHARGER 7661-12U pictureLenovo IdeaPad 710s Plus 13.3" Touch i7-7500U 8GB 256GB SSD FHD IPS BT FPR WTY
$769.99
Lenovo IdeaPad 710s Plus 13.3Lenovo ideacentre AIO 700-27ISH
$750.0
Lenovo ideacentre AIO 700-27ISH picture


Discussions

No Discussions have been posted on this vulnerability.