Helix Code Security Advisory - X-Chat

Aug 30, 2000, 19:28

Date: Tue, 29 Aug 2000 18:14:12 -0400
From: "Helix Code, Inc."
Subject: Helix Code Security Advisory - X-Chat

HELIX CODE, INC. SECURITY ADVISORY
Issue Date: 29 Aug 2000
X-Chat 1.4.2 and previous for all supported distributions.

A vulnerability in the X-Chat IRC client may allow a malicious URL to execute arbitrary shell commands as the user running X-Chat.

X-Chat has a feature that allows a user to right-click on a URL in an IRC window and open it in a browser. X-Chat passes the URL to /bin/sh when executing the browser command. A malicious URL could be created to run arbitrary commands or scripts on the system if a user opens the URL.
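The pattern described above next to a shell-free way of launching a browser, as an added example; it is not X-Chat's code or the maintainers' fix. The function names and the `netscape` browser command are assumptions, and the sample URL is constructed.

```c
/* Added example, not X-Chat source. Function names and the "netscape"
 * browser command are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the advisory describes: the URL is pasted into a string that
 * /bin/sh parses, so ; | ` $ ( ) in the URL become shell syntax.
 * This only builds the string for inspection; it is never executed. */
int build_shell_command(char *out, size_t n, const char *url) {
    return snprintf(out, n, "netscape %s", url);
}

/* Defence in depth: known scheme (also blocks a leading '-' being read
 * as a browser option) and an allow-list of URL characters. */
int url_is_safe(const char *url) {
    if (strncmp(url, "http://", 7) && strncmp(url, "https://", 8) &&
        strncmp(url, "ftp://", 6))
        return 0;
    for (const char *p = url; *p; p++)
        if (!isalnum((unsigned char)*p) && !strchr("-._~:/?#@%+=,&", *p))
            return 0;
    return 1;
}

/* Hardened launch: no shell. The URL is exactly one argv element, so no
 * character in it is interpreted. Returns the exit status or -1. */
int open_url_no_shell(const char *browser, const char *url) {
    int status; pid_t pid;
    if (!url_is_safe(url)) return -1;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {
        execlp(browser, browser, url, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    const char *url = "http://example.invalid/;echo injected"; /* constructed */
    char cmd[256];
    build_shell_command(cmd, sizeof cmd, url);
    printf("sh -c would parse: %s\n", cmd);
    printf("url_is_safe: %d\n", url_is_safe(url));
    return 0;
}
```

Passing the URL as a single argument to an exec call is what removes the shell from the path; the character allow-list is a secondary check.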

The maintainers have released a new version of X-Chat that eliminates this vulnerability.

An essential update is available immediately from Helix Code, Inc. via the Helix GNOME Updater and from the following URLs:

For Caldera OpenLinux eDesktop 2.4 systems:

For Debian GNU/Linux potato (2.2) and woody systems:

For LinuxPPC systems:

For Linux Mandrake systems:

For Red Hat Linux systems:

For Solaris running on UltraSparc systems:

For SuSE 6.3 systems:

For SuSE 6.4 systems:

For TurboLinux systems:

Copyright (c) 2000 Helix Code, Inc.