Security
SHARE
Facebook X Pinterest WhatsApp

Helix Code Security Advisory – X-Chat

Written By
thumbnail
Web Webster
Web Webster
Aug 30, 2000

Date: Tue, 29 Aug 2000 18:14:12 -0400
From: “Helix Code, Inc.” security@helixcode.com
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Helix Code Security Advisory – X-Chat

HELIX CODE, INC.                                SECURITY ADVISORY
security@helixcode.com                              Issue Date: 29 Aug 2000

PACKAGES AFFECTED:
X-Chat 1.4.2 and previous for all supported distributions.

SYNOPSIS:
A vulnerability in the X-Chat IRC client allows a malicious URL to
possibly execute arbitrary shell commands as the user running
X-Chat.

DESCRIPTION:
X-Chat has a feature that allows a user to right-click on a URL in
an IRC window and open it in a browser. X-Chat passes the URL to
/bin/sh when executing the browser command. A malicious URL could
be created to run arbitrary commands or scripts on the system if a
user opens the URL.

SOLUTION:
A new version of X-Chat has been released by the maintainers which
eliminates this vulnerability.

AVAILABILITY:
An essential update is available immediately from Helix Code, Inc.
via the Helix GNOME Updater and from the following URLs:

For Caldera OpenLinux eDesktop 2.4 systems:

http://spidermonkey.helixcode.com/distributions/Caldera-2.4/xchat-1.4.3-0_helix_1.i386.rpm

For Debian GNU/Linux potato (2.2) and woody systems:

http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat_1.4.3-helix1_i386.deb


http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat-common_1.4.3-helix1_all.deb


http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat-text_1.4.3-helix1_i386.deb


http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat-gnome_1.4.3-helix1_i386.deb

For LinuxPPC systems:

http://spidermonkey.helixcode.com/distributions/LinuxPPC/xchat-1.4.3-0_helix_1.ppc.rpm

For Linux Mandrake systems:

http://spidermonkey.helixcode.com/distributions/Mandrake/xchat-1.4.3-0mdk_helix_1.i586.rpm

For Red Hat Linux systems:

http://spidermonkey.helixcode.com/distributions/RedHat-6/xchat-1.4.3-0_helix_1.i386.rpm

For Solaris running on UltraSparc systems:

http://spidermonkey.helixcode.com/distributions/Solaris/xchat-1.4.3-0_helix_1.sparc64.rpm

For SuSE 6.3 systems:

http://spidermonkey.helixcode.com/distributions/SuSE/xchat-1.4.3-0_helix_1.i386.rpm

For SuSE 6.4 systems:

http://spidermonkey.helixcode.com/distributions/SuSE-6.4/xchat-1.4.3-0_helix_1.i386.rpm

For TurboLinux systems:

http://spidermonkey.helixcode.com/distributions/TurboLinux-6/xchat-1.4.3-0_helix_1.i386.rpm

VERIFICATION:
2261b9fec19b27e6dbabae406bc0fd54 Caldera-2.4/xchat-1.4.3-0_helix_1.i386.rpm
fef17cd9dcf8e92b908be61f8fff4510 Debian/dists/woody/main/binary-i386/xchat_1.4.3-helix1_i386.deb
9763bb303a2c3eb08206b44dc646dea5 Debian/dists/woody/main/binary-i386/xchat-common_1.4.3-helix1_all.deb
fbda48026bea635ca093d931aec50a8d Debian/dists/woody/main/binary-i386/xchat-text_1.4.3-helix1_i386.deb
0fbf8726ba981de77c2dd71fb728a6d4 Debian/dists/woody/main/binary-i386/xchat-gnome_1.4.3-helix1_i386.deb
80eb40b6c7c31eb6381b320fff294527 LinuxPPC/xchat-1.4.3-0_helix_1.ppc.rpm
5eecb8d78c314c7c5124ec61413fdca3 Mandrake-7/xchat-1.4.3-0mdk_helix_1.i586.rpm
ef0294dcc2188682e4936a4d9f73208c RedHat-6/xchat-1.4.3-0_helix_1.i386.rpm
2dcb655a39854da46e0a4281c6112dbe Solaris/xchat-1.4.3-0_helix_1.sparc64.rpm
51273503d8b85a916ed757cc05d5c1c7 SuSE/xchat-1.4.3-0_helix_1.i386.rpm
a1c52390e0bb5b921099edb60ba86f82 SuSE-6.4/xchat-1.4.3-0_helix_1.i386.rpm
0915ca28a9fe0ba09b3636de9e28c74d TurboLinux-6/xchat-1.4.3-0_helix_1.i386.rpm

Copyright (c) 2000 Helix Code, Inc.

thumbnail
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Recommended for you...

Blog
A Thorough Approach to Improve the Privacy and Security of Your Linux PC
Damien
Oct 24, 2024
Blog
Several Russian Maintainers Removed From Linux Kernel Due To Compliance Concerns
Senthil Kumar
Oct 23, 2024
Blog
OpenSSH Splits Again: New Authentication Binary Unveiled
Bobby Borisov
Oct 16, 2024
Blog
13 Best Free and Open Source Anti-Malware Tools
webmaster
Oct 14, 2024
Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

facebook
linkedin
x

Company

Contact us

Categories

News IT Management Infrastructure Developer Security High Performance Storage Blog

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information