XChat SOCKS5 远程缓冲区溢出漏洞

漏洞信息详情

XChat SOCKS5 远程缓冲区溢出漏洞

• CNNVD编号：CNNVD-200406-024
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-0409
  
• 漏洞类型：
  
  
  边界条件错误
  
• 发布时间：
  
  2004-04-05
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  xchat
• 漏洞来源：
  XChat

X-chat是一款免费开放源代码的IRC客户端，可运行在Unix、Linux和Microsoft Windows平台下。
X-chat中SOCKS 5代理实现存在问题，远程攻击者可以利用这个漏洞利用恶意代理服务器，诱使X-chat用户穿梭，而触发缓冲区溢出。
目前没有详细漏洞细节提供。

厂商补丁：
Debian
——

http://www.debian.org/security/2004/dsa-493
MandrakeSoft
————
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:036)以及相应补丁:

MDKSA-2004:036：Updated xchat packages fix remote vulnerability

链接：http://www.linux-mandrake.com/en/security/2004/2004-036.php” target=”_blank”>
http://www.linux-mandrake.com/en/security/2004/2004-036.php

补丁下载：

Updated Packages:

Mandrakelinux 10.0:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/xchat-2.0.7-6.1.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/xchat-perl-2.0.7-6.1.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/xchat-python-2.0.7-6.1.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/xchat-tcl-2.0.7-6.1.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/xchat-2.0.7-6.1.100mdk.src.rpm

Mandrakelinux 9.2:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/xchat-2.0.4-7.1.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/xchat-perl-2.0.4-7.1.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/xchat-python-2.0.4-7.1.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/xchat-tcl-2.0.4-7.1.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/xchat-2.0.4-7.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/xchat-2.0.4-7.1.92mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/xchat-perl-2.0.4-7.1.92mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/xchat-python-2.0.4-7.1.92mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/xchat-tcl-2.0.4-7.1.92mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/xchat-2.0.4-7.1.92mdk.src.rpm

_______________________________________________________________________

上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载：

http://www.mandrakesecure.net/en/ftp.php” target=”_blank”>
http://www.mandrakesecure.net/en/ftp.php
X-Chat
——
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

XChat Patch xc208-fixsocks5.diff

http://www.xchat.org/files/source/2.0/patches/xc208-fixsocks5.diff” target=”_blank”>
http://www.xchat.org/files/source/2.0/patches/xc208-fixsocks5.diff

来源: www.xchat.org
链接:http://www.xchat.org/

来源: REDHAT
名称: RHSA-2004:177
链接:http://www.redhat.com/support/errata/RHSA-2004-177.html

来源: DEBIAN
名称: DSA-493
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108258002427226&w=2

来源: MLIST
名称: [xchat-announce] 20040405 xchat 2.0.x Socks5 Vulnerability
链接:http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html

来源: REDHAT
名称: RHSA-2004:585
链接:http://www.redhat.com/support/errata/RHSA-2004-585.html

来源: GENTOO
名称: GLSA-200404-15
链接:http://security.gentoo.org/glsa/glsa-200404-15.xml

来源: OVAL
名称: oval:org.mitre.oval:def:11312
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11312

来源: FEDORA
名称: FLSA:123013
链接:http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_123013