Published: 2002-06-25 00:00:00
Revised: 2017-10-09 21:30:03

[Original] XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.

[CNNVD] X-Chat CTCP Ping Arbitrary Remote IRC Command Execution Vulnerability (CNNVD-200206-079)

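        XChat 1.8.7 and earlier, including the default configurations of versions 1.4.2 and 1.4.3, contains a vulnerability. A remote attacker can execute arbitrary IRC commands as another client by means of encoded characters in a PRIVMSG command that calls CTCP PING; the characters are expanded in the client's response when the percascii variable is set.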

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:xchat:xchat:1.4.2    XChat XChat 1.4.2
cpe:/a:xchat:xchat:1.4.3    XChat XChat 1.4.3

- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BUGTRAQ  20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
(UNKNOWN)  BID  3830
(UNKNOWN)  XF  xchat-ctcp-ping-command(7856)

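- Vulnerability information

X-Chat CTCP Ping Arbitrary Remote IRC Command Execution Vulnerability
High risk    Input validation
2002-06-25 00:00:00 2005-05-02 00:00:00
        XChat 1.8.7 and earlier, including the default configurations of versions 1.4.2 and 1.4.3, contains a vulnerability. A remote attacker can execute arbitrary IRC commands as another client by means of encoded characters in a PRIVMSG command that calls CTCP PING; the characters are expanded in the client's response when the percascii variable is set.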

- Announcements and patches

        Updated versions of X-Chat are available.
        X-Chat X-Chat 1.4
        X-Chat X-Chat 1.4.1
        X-Chat X-Chat 1.4.2
        X-Chat X-Chat 1.4.3
        X-Chat X-Chat 1.6.3
        X-Chat X-Chat 1.6.4
        X-Chat X-Chat 1.7.7
        X-Chat X-Chat 1.8
        X-Chat X-Chat 1.8.1
        X-Chat X-Chat 1.8.2
        X-Chat X-Chat 1.8.6

- Vulnerability information (21210)

X-Chat 1.x CTCP Ping Arbitrary Remote IRC Command Execution Vulnerability (EDBID:21210)
linux remote
2002-01-09 Verified
0 Marcus Meissner
N/A

X-Chat is a graphical client for IRC. It requires the GTK+ toolkit, and is available for many Linux and Unix operating systems.

If a CTCP ping request includes escaped newline characters and additional IRC commands, these commands may be executed by the vulnerable client. It is possible to gain operator status in channels owned by the vulnerable user, or to use their identity to initiate social engineering attacks.

Although this vulnerability exists in recent versions of X-Chat, the option to expand characters has been disabled by default since version 1.4.3. 

cat 21210.exploit - | netcat server 6667		

- Vulnerability information

XChat PRIVMSG Encoded Characters Arbitrary Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Public Vendor Verified, Third-party Verified

- Vulnerability description

- Timeline

2002-01-09 Unknown
2002-01-09 Unknown

- Solution

Upgrade to version 1.8.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete