But wait, this requires the user to /exec something, I fail to see any way to maliciously exploit this except via sending a mystery executable over dcc and getting the user to try it from within xchat... or have I missed something? [I hope not]

nick

----- Original Message -----
From: "oPr" <oprat_private>
To: "Korhan GURLER" <korhanat_private>
Cc: <SirExar@crazy-horse.net>; <vuln-devat_private>
Sent: Sunday, January 06, 2002 18:49
Subject: Re: Possible hole in xchat

> On Sun, 6 Jan 2002, Korhan GURLER wrote:
>
> > On Tue, 1 Jan 2002 SirExar@crazy-horse.net wrote:
> >
> > // Slackware 8.0
> > //
> > // Xchat 1.8.5
> >
> > Xchat 1.8.6 seg faults in Slackware 8.0 too.
> >
>
> But Xchat 1.8.6 does segfault on freebsd 4.4
>
> > //
> > // When you execute a command using exec -o in xchat, the command is executed
> > // and the output sent to the current window.
> > // If you execute a command of a lengthy nature, such as 5000 characters : )
> > // Xchat seg faults, this could lead to possible buffer overflow
> > // problems, because the memory address is rewritten. I used perl
> >
> > --
> >
> > Endless Loop: n., see Loop, Endless.
> > Loop, Endless: n., see Endless Loop.
> > -- Random Shack Data Processing Dictionary
> >
> > -----BEGIN GEEK CODE BLOCK-----
> > Version: 3.12
> > GCS d- s:- a- C+++ UL++++ P+ L+++ E--- W- N o-- K- w
> > O- M-- V- PS+ PE+ Y+ PGP t 5 X++++ R* tv+ b+++ DI D++
> > G e+ h! r-- y+
> > ------END GEEK CODE BLOCK------
> >
>
> -------------------------------------
> [www.bsdaemon.be - The Daemon awakes]
> -------------------------------------
This archive was generated by hypermail 2b30 : Sun Jan 06 2002 - 16:37:19 PST