-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 099-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
January 12th, 2002  
- --------------------------------------------------------------------------

Package        : XChat
Vulnerability  : IRC session hijacking
Problem-Type   : remote vulnerability
Debian-specific: no

zen-parse found a vulnerability in the XChat IRC client that allows an
attacker to take over the users IRC session.

It is possible to trick XChat IRC clients into sending arbitrary
commands to the IRC server they are on, potentially allowing social
engineering attacks, channel takeovers, and denial of service.  This
problem exists in versions 1.4.2 and 1.4.3.  Later versions of XChat
are vulnerable as well, but this behaviour is controlled by the
configuration variable »percascii«, which defaults to 0.  If it is set
to 1 then the problem becomes apparent in 1.6/1.8 a swell.

This problem has been fixed in upstream version 1.8.7 and in version
1.4.3-1 for the current stable Debian release (2.2) with a patch
provided from the upstream author Peter Zelezny.  We recommend that
you upgrade your XChat packages immediately, since this problem is
already actively being exploited.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
- ------------------------------------

  Source archives:

      
      MD5 checksum: 2c7c49888490bb3725b693c804ee28a1
      
      MD5 checksum: 903b5af62d1eed07c49792fcc418504e
      
      MD5 checksum: 4ed068ca2c0b85a46d9f81bcea84c562

  Architecture independent components:

     
 
      MD5 checksum: c51aa0e90c1c22f5b7c61bb32eb5d321

  Alpha architecture:

     
 
      MD5 checksum: 8a2f53441f99204f9569a78aa026c898
     
 
      MD5 checksum: 9b2e6bc648364e6567ed69778969c4f3
      
      MD5 checksum: e64f8c53b2e54b561df23c4926f75077

  ARM architecture:

      
      MD5 checksum: 8da559c3d75c5ea877a74683c760f90e
      
      MD5 checksum: 858a1f72d2f139f3bc851e408a5b9333
      
      MD5 checksum: d974a4ba26e8002a2e75d53d14c58eea

  Intel ia32 architecture:

     
 
      MD5 checksum: 2eb90d6a77af6c2475a976d282d76377
     
 
      MD5 checksum: 9701ca60219d4ac8981293763474f14c
      
      MD5 checksum: 1a45ebe67bd4b495cbbd9b9e1517239e

  Motorola 680x0 architecture:

      
      MD5 checksum: a9e8384085d77b48c69ff723abdc6a29
     
 
      MD5 checksum: a456d58e8525bd5448da59889c965a97
     
 
      MD5 checksum: cc1c74b5652fa87cb5d38ac7eadde8f4

  PowerPC architecture:

     
 
      MD5 checksum: 4171d6a1318e439d206e9417828147a8
     
 
      MD5 checksum: 31038ff5e73cfc63fbdde833e558a76f
     
 
      MD5 checksum: 82d55e1f358f3f12aef5b9d6e60cff87

  Sun Sparc architecture:

     
 
      MD5 checksum: 21abbe3265af73e9e9cedc4128346d83
     
 
      MD5 checksum: bac9c9c55443febdf27627294648fc46
      
      MD5 checksum: 8d8abf1ac399c400920725d2f0651450


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  debian stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see  The GNU Privacy Guard

iD8DBQE8QCISW5ql+IAeqTIRAolsAJ9aC0/AGffm08yRDd/BLZJqyo3d4QCggZ5p
W+BYOJJGoMAVXqb+hFiIABM=W7XN
-----END PGP SIGNATURE-----

Debian: 'XChat' Remote session hijacking vulnerability

January 13, 2002
It is possible to trick XChat IRC clients into sending arbitrarycommands to the IRC server they are on, potentially allowing socialengineering attacks, channel takeovers, and denia...

Summary

Debian Security Advisory DSA 099-1 security@debian.org
Debian -- Security Information Martin Schulze
January 12th, 2002

Package : XChat
Vulnerability : IRC session hijacking
Problem-Type : remote vulnerability
Debian-specific: no

zen-parse found a vulnerability in the XChat IRC client that allows an
attacker to take over the users IRC session.

It is possible to trick XChat IRC clients into sending arbitrary
commands to the IRC server they are on, potentially allowing social
engineering attacks, channel takeovers, and denial of service. This
problem exists in versions 1.4.2 and 1.4.3. Later versions of XChat
are vulnerable as well, but this behaviour is controlled by the
configuration variable »percascii«, which defaults to 0. If it is set
to 1 then the problem becomes apparent in 1.6/1.8 a swell.

This problem has been fixed in upstream version 1.8.7 and in version
1.4.3-1 for the current stable Debian release (2.2) with a patch
provided from the upstream author Peter Zelezny. We recommend that
you upgrade your XChat packages immediately, since this problem is
already actively being exploited.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato

Source archives:


MD5 checksum: 2c7c49888490bb3725b693c804ee28a1

MD5 checksum: 903b5af62d1eed07c49792fcc418504e

MD5 checksum: 4ed068ca2c0b85a46d9f81bcea84c562

Architecture independent components:



MD5 checksum: c51aa0e90c1c22f5b7c61bb32eb5d321

Alpha architecture:



MD5 checksum: 8a2f53441f99204f9569a78aa026c898


MD5 checksum: 9b2e6bc648364e6567ed69778969c4f3

MD5 checksum: e64f8c53b2e54b561df23c4926f75077

ARM architecture:


MD5 checksum: 8da559c3d75c5ea877a74683c760f90e

MD5 checksum: 858a1f72d2f139f3bc851e408a5b9333

MD5 checksum: d974a4ba26e8002a2e75d53d14c58eea

Intel ia32 architecture:



MD5 checksum: 2eb90d6a77af6c2475a976d282d76377


MD5 checksum: 9701ca60219d4ac8981293763474f14c

MD5 checksum: 1a45ebe67bd4b495cbbd9b9e1517239e

Motorola 680x0 architecture:


MD5 checksum: a9e8384085d77b48c69ff723abdc6a29


MD5 checksum: a456d58e8525bd5448da59889c965a97


MD5 checksum: cc1c74b5652fa87cb5d38ac7eadde8f4

PowerPC architecture:



MD5 checksum: 4171d6a1318e439d206e9417828147a8


MD5 checksum: 31038ff5e73cfc63fbdde833e558a76f


MD5 checksum: 82d55e1f358f3f12aef5b9d6e60cff87

Sun Sparc architecture:



MD5 checksum: 21abbe3265af73e9e9cedc4128346d83


MD5 checksum: bac9c9c55443febdf27627294648fc46

MD5 checksum: 8d8abf1ac399c400920725d2f0651450


These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb debian stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see The GNU Privacy Guard

iD8DBQE8QCISW5ql+IAeqTIRAolsAJ9aC0/AGffm08yRDd/BLZJqyo3d4QCggZ5p
W+BYOJJGoMAVXqb+hFiIABM=W7XN
-----END PGP SIGNATURE-----






Severity
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved