Possible hole in xchat

From: SirExar@crazy-horse.net
Date: Tue Jan 01 2002 - 06:16:18 PST


    Slackware 8.0
    
    Xchat 1.8.5
    
    When you execute a command using exec -o in xchat, the command is executed 
    and the output sent to the current window.
    If you execute a command of a lengthy nature, such as 5000 characters : )
     Xchat seg faults; this could lead to possible buffer overflow problems, 
    because the memory address is rewritten.
    I used perl -e 'print "A" x 5000' to cause the fault (/exec -o perl -e 
    'print "A" x 5000'), which should produce an EIP of 0x41414141.
    (Hex A)
    
    GNU gdb 5.0
    Copyright 2000 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain 
    conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB.  Type "show warranty" for details.
    This GDB was configured as "i386-slackware-linux"...
    (gdb) r
    Starting program: /usr/bin/xchat
    [New Thread 1024 (LWP 14486)]
    
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 1024 (LWP 14486)]
    0x80993b0 in handle_command (
        cmd=0x41414141 <Address 0x41414141 out of bounds>, sess=0x41414141,
        history=1094795585, nocommand=1094795585) at outbound.c:3390
    3390    outbound.c: No such file or directory.
    (gdb)
    
    
    I'm not sure if it's exploitable or even a problem, but I thought it was 
    worth a try.
    
    -exar
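The bug class the post describes is subprocess output being copied into a fixed-size window buffer with no length check. The following is an added example written for this archive page, not xchat's code: the `window_line` structure, the `WINDOW_LINE_MAX` size and both function names are assumptions. It shows the unchecked pattern for contrast and a bounded version that splits long output into chunks that always fit, using a constructed 5000-byte input of the same shape as the perl one-liner above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WINDOW_LINE_MAX 512   /* assumed line size; not xchat's real constant */

/* Hypothetical per-line window buffer (assumption for this example). */
struct window_line {
    char text[WINDOW_LINE_MAX];
    size_t len;
};

/* Unchecked pattern, shown for contrast and never called below: the whole
 * subprocess output is copied into the fixed buffer with no length check,
 * so output longer than the buffer overwrites whatever follows it. */
void append_output_unchecked(struct window_line *w, const char *out)
{
    strcpy(w->text, out);        /* no bound: this is the defect class */
    w->len = strlen(w->text);
}

/* Bounded version: split the output into NUL-terminated chunks that always
 * fit in one window line. Returns the number of lines filled; if more than
 * max_lines would be needed, the surplus is dropped and *dropped receives
 * the number of bytes that were not delivered. */
static size_t deliver_output(const char *out, size_t out_len,
                             struct window_line *lines, size_t max_lines,
                             size_t *dropped)
{
    const size_t room = WINDOW_LINE_MAX - 1;   /* leave space for the NUL */
    size_t used = 0, n = 0;

    while (used < out_len && n < max_lines) {
        size_t chunk = out_len - used;
        if (chunk > room)
            chunk = room;
        memcpy(lines[n].text, out + used, chunk);
        lines[n].text[chunk] = '\0';
        lines[n].len = chunk;
        used += chunk;
        n++;
    }
    if (dropped)
        *dropped = out_len - used;
    return n;
}

/* Constructed input: 5000 'A' bytes, like perl -e 'print "A" x 5000'.
 * Delivers it with the bounded routine and reports how many window lines
 * were produced, how many bytes reached the window, and how many were
 * dropped for lack of lines. */
size_t demo_long_output(size_t max_lines, size_t *total_bytes, size_t *dropped)
{
    static struct window_line lines[64];
    char *payload = malloc(5000);
    size_t n, i, total = 0;

    if (max_lines > 64)
        max_lines = 64;
    memset(payload, 'A', 5000);
    n = deliver_output(payload, 5000, lines, max_lines, dropped);
    for (i = 0; i < n; i++)
        total += lines[i].len;
    if (total_bytes)
        *total_bytes = total;
    free(payload);
    return n;
}

int main(void)
{
    size_t total, dropped;
    size_t n = demo_long_output(16, &total, &dropped);
    printf("%zu lines, %zu bytes delivered, %zu dropped\n", n, total, dropped);
    return 0;
}
```

With a 511-byte payload per line, the 5000-byte input becomes ten window lines and nothing is lost; when the caller only provides two lines, the routine delivers 1022 bytes and reports the remaining 3978 as dropped instead of writing past the buffer.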
    



    This archive was generated by hypermail 2b30 : Tue Jan 01 2002 - 19:35:53 PST