|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200404-15] XChat 2.0.x SOCKS5 Vulnerability Vulnerability Scan
Vulnerability Scan Summary
XChat 2.0.x SOCKS5 Vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200404-15
(XChat 2.0.x SOCKS5 Vulnerability)
The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users
would have to be using XChat through a SOCKS 5 server, enable SOCKS 5
traversal which is disabled by default and also connect to a possible hacker's
custom proxy server.
Impact
This vulnerability may allow a possible hacker to run arbitrary code within the
context of the user ID of the XChat client.
Workaround
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
References:
http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
Solution:
All XChat users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=net-irc/xchat-2.0.8-r1"
# emerge ">=net-irc/xchat-2.0.8-r1"
Note that users of the gtk1 version of xchat (1.8.*) should upgrade to
xchat-1.8.11-r1:
# emerge sync
# emerge -pv "=net-irc/xchat-1.8.11-r1"
# emerge "=net-irc/xchat-1.8.11-r1"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|
