lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20031214204654.GW6559@mail.lieber.org>
From: klieber at gentoo.org (Kurt Lieber)
Subject: GLSA: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service

---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-06
---------------------------------------------------------------------------

GLSA:        200312-06
Package:     net-irc/xchat 
Summary:     Malformed dcc send requests in xchat-2.0.6 lead to a denial of
             service
Severity:    medium 
Gentoo bug:  35623
Date:        2003-12-14
CVE:         none 
Exploit:     remote 
Affected:    =2.0.6
Fixed:       >=2.0.6-r1


DESCRIPTION:

There is a remotely exploitable bug in xchat 2.0.6 that could lead to a denial
of service attack.  This is caused by sending a malformed DCC packet to xchat
2.0.6, causing it to crash.  Versions prior to 2.0.6 do not appear to be
affected by this bug.

For more information, please see:

http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html


SOLUTION:

For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most
architectures. Since it was never marked as stable in the portage tree, only
xchat users who have explictly added the unstable keyword to ACCEPT_KEYWORDS
are affected. Users may updated affected machines to the patched version of
xchat using the following commands:

emerge sync
emerge -pv '>=net-irc/xchat-2.0.6-r1'
emerge '>=net-irc/xchat-2.0.6-r1'
emerge clean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031214/99d94156/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ