XChat Socks-5 Proxy Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1009865|
SecurityTracker URL: http://securitytracker.com/id/1009865
(Links to External Site)
Updated: Apr 21 2004|
Original Entry Date: Apr 19 2004
Execution of arbitrary code via network, User access via network|
Fix Available: Yes Vendor Confirmed: Yes |
Version(s): 1.8.0 to 2.0.8|
A stack overflow vulnerability was reported in XChat in the Socks-5 proxy code. A remote user can execute arbitrary code on the target system in certain cases.|
The vendor reported that if socks5 traversal is enabled (not the default configuration), then a remote user with a malicious proxy server can trigger the overflow when the target user connects to the malicious proxy server. Arbitrary code can be executed on the target user's system with the privileges of the user running the xchat process.
The vendor credits tsifra with discovering this bug.
A remote user can cause arbitrary code to be executed on a target user's system when the target user connects to a malicious proxy server.|
The vendor has released a source code patch, available at:|
The vendor also reports that the Fedora RPMs at http://www.xchat.org have been rebuilt with this patch applied.
Vendor URL: xchat.org/ (Links to External Site)
Linux (Any), UNIX (Any)|
This archive entry has one or more follow-up message(s) listed below.|
Source Message Contents
Date: Mon, 5 Apr 2004 17:13:05 +1000|
Subject: xchat 2.0.x Socks5 Vulnerability
Hi XChat users,
XChat's Socks-5 proxy code is vulnerable to a remote exploit. To
successfully exploit the code, you would need to enable socks5
traversal (default off) and connect to the attacker's own custom
If you never intend to use a Socks5 proxy, you are not affected at
all by this issue.
Type of exploit:
Stack overflow caused by inadequate input validation. The
attacker could take control of the User that ran the xchat
From 1.8.0 to 2.0.8.
Don't use socks 5 proxies.
Source code patch is available at:
The Fedora RPMs at www.xchat.org have been rebuilt with this
Original source of code:
Credit goes to tsifra for finding this bug.
XChat-announce: Xchat announcement list