Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:051: xchat Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the xchat package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:051 (xchat).
In versions of the xchat IRC client prior to version 1.8.9, xchat does not
filter the response from an IRC server when a /dns query is executed. xchat
resolves hostnames by passing the configured resolver and hostname to a shell,
so an IRC server may return a malicious response formatted so that arbitrary
commands are executed with the privilege of the user running xchat.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:051
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.