|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: XChat URL Handler bug affects v1.3.9 up
From: chrome (chrome
ELLTEL.NET)Date: Sun Aug 20 2000 - 21:10:43 CDT
- Next message: Guido Bakker: "Darxite daemon remote exploit/DoS problem"
- Previous message: Alan DeKok: "Re: swc / ActivCard"
- In reply to: zenith parsec: "XChat URL Handler bug affects v1.3.9 up"
- Reply: chrome: "Re: XChat URL Handler bug affects v1.3.9 up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Verfified bug exists on [x]chat 1.5.5.
Later,
c.t.
| chromium tensility ; chromeelltel.net ; another linux guru in training |
| kthulhu & co. went to yuggoth, and all i got was this lousy sig ; fn0rd |
On Fri, 18 Aug 2000, zenith parsec wrote:
>in my previous post i mentioned that all versions of XChat < 1.4.2 were
>potentially vulnerable to commands embedded in URLs by backticking.
>after some more research and looking at stuff on the net,
>(http://www.xchat.org/changelog.txt)
>it seems that this bug will only affect XChat versions
>1.3.9 and above, up to and including 1.4.2 (the devel
>series may also be vulnerable, as there is no mention on the changelog page
>of this bug.) (release 1.3.9 was the first to have editable URL handlers,
>which seem to be the cause.)
>
>(version 1.2.1 of xchat does not appear to be vulnerable.)
- Next message: Guido Bakker: "Darxite daemon remote exploit/DoS problem"
- Previous message: Alan DeKok: "Re: swc / ActivCard"
- In reply to: zenith parsec: "XChat URL Handler bug affects v1.3.9 up"
- Reply: chrome: "Re: XChat URL Handler bug affects v1.3.9 up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]