Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2002-0006
Last Modified 05 Sep 2008 04:26:56
Published 25 Jun 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0006

Summary

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.

Vulnerable Systems

Application

  • Xchat 1.4.2

  • Xchat 1.4.3


References

DEBIAN - DSA-099

BUGTRAQ - 20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)

XF - xchat-ctcp-ping-command(7856)

BID - 3830

REDHAT - RHSA-2002:005

HP - HPSBTL0201-016

CONECTIVA - CLA-2002:453


Last Updated: 27 May 2016 10:36:44