Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Xchat Vulnerability
  • From: adam <adamd@xxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 10 Jan 2002 15:28:40 +1100 (EST)
  • Message-id: <Pine.LNX.4.30.0201101520480.17258-100000@xxxxxxxxxxxxxxxxxxxxxxxx>

Just so everyone knows, the version of xchat provided with SuSE 7.1 has
been tested and is vulnerable to this attack.

======= xchat 1.4.2 and 1.4.3 IRC session hijacking vulnerability ========
It is possible to trick xchat IRC clients (1.4.2, 1.4.3) into sending
commands to the IRC server they are on, potentially allowing for social
engineering attacks, channel takeovers, and denial of service.
Vendor updates for affected versions soon.


Adam Daniel

Technical Consultant
The information contained in this e-mail is confidential and is
intended solely for the addressee. If you received this e-mail by
mistake please notify us immediately and delete all copies of this
message. You must not disclose or use in any way the information in the
e-mail. It is the responsibility of the recipient to virus scan this
e-mail and any attachments included.

< Previous Next >
This Thread
  • No further messages