 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.51536 |
| Category: | Conectiva Local Security Checks |
| Title: | Conectiva Security Advisory CLA-2002:526 |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing updates announced in advisory CLA-2002:526. XChat is a popular graphical IRC client available in most linux distributions. XChat prior to version 1.8.9 has a vulnerability[1] that may allow a remote attacker to execute arbitrary commands in the IRC client context. The vulnerability resides in the way xchat handles the IRC server response for the /dns command. It passes the response directly to a shell without filtering it. An attacker with administration privileges in the IRC server can insert escaped commands in such a response, which will be executed by the client's shell. Please note that in order to have this vulnerability exploited, the xchat user must be connected to an IRC server where the attacker has administration privileges and must also run the /dns command. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://marc.theaimsgroup.com/?l=bugtraq&m=101725430425490&w=2 http://distro.conectiva.com.br/bugzilla/show_bug.cgi?id=6596 http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:526 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |