安全研究
安全漏洞
XChat SOCKS5 远程缓冲区溢出漏洞
发布日期:2004-04-05
更新日期:2004-04-28
受影响系统:
X-Chat X-Chat 2.0.8不受影响系统:
X-Chat X-Chat 2.0.7
X-Chat X-Chat 2.0.6
X-Chat X-Chat 2.0.5
X-Chat X-Chat 2.0.1
X-Chat X-Chat 1.8.8
X-Chat X-Chat 1.8.7
X-Chat X-Chat 1.8.6
X-Chat X-Chat 1.8.2
X-Chat X-Chat 1.8.1
X-Chat X-Chat 1.8
X-Chat X-Chat 1.8.9
- Debian Linux 3.0
- Mandrake Linux 9.0
- Mandrake Linux 8.2
- RedHat Linux 7.3
- RedHat Linux 7.2
- RedHat Linux 7.1
- RedHat Linux 7.0
- RedHat Linux 6.2
X-Chat X-Chat 2.0.8-r1描述:
BUGTRAQ ID: 10168
CVE(CAN) ID: CVE-2004-0409
X-chat是一款免费开放源代码的IRC客户端,可运行在Unix、Linux和Microsoft Windows平台下。
X-chat中SOCKS 5代理实现存在问题,远程攻击者可以利用这个漏洞利用恶意代理服务器,诱使X-chat用户穿梭,而触发缓冲区溢出。
目前没有详细漏洞细节提供。
<*来源:XChat
链接:http://www.debian.org/security/2004/dsa-493
http://www.linux-mandrake.com/en/security/2004/2004-036.php
*>
建议:
厂商补丁:
Debian
------
http://www.debian.org/security/2004/dsa-493
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:036)以及相应补丁:
MDKSA-2004:036:Updated xchat packages fix remote vulnerability
链接:http://www.linux-mandrake.com/en/security/2004/2004-036.php
补丁下载:
Updated Packages:
Mandrakelinux 10.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/xchat-2.0.7-6.1.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/xchat-perl-2.0.7-6.1.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/xchat-python-2.0.7-6.1.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/xchat-tcl-2.0.7-6.1.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/xchat-2.0.7-6.1.100mdk.src.rpm
Mandrakelinux 9.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/xchat-2.0.4-7.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/xchat-perl-2.0.4-7.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/xchat-python-2.0.4-7.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/xchat-tcl-2.0.4-7.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/xchat-2.0.4-7.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/xchat-2.0.4-7.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/xchat-perl-2.0.4-7.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/xchat-python-2.0.4-7.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/xchat-tcl-2.0.4-7.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/xchat-2.0.4-7.1.92mdk.src.rpm
_______________________________________________________________________
上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
X-Chat
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
XChat Patch xc208-fixsocks5.diff
http://www.xchat.org/files/source/2.0/patches/xc208-fixsocks5.diff
浏览次数:3613
严重程度:0(网友投票)
绿盟科技给您安全的保障