From klieber@gentoo.org Mon Dec 15 15:49:46 2003 From: Kurt Lieber To: bugtraq@securityfocus.com Date: Sun, 14 Dec 2003 15:46:10 -0500 Subject: GLSA: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service --------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200312-06 --------------------------------------------------------------------------- GLSA: 200312-06 Package: net-irc/xchat Summary: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service Severity: medium Gentoo bug: 35623 Date: 2003-12-14 CVE: none Exploit: remote Affected: =2.0.6 Fixed: >=2.0.6-r1 DESCRIPTION: There is a remotely exploitable bug in xchat 2.0.6 that could lead to a denial of service attack. This is caused by sending a malformed DCC packet to xchat 2.0.6, causing it to crash. Versions prior to 2.0.6 do not appear to be affected by this bug. For more information, please see: http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html SOLUTION: For Gentoo users, xchat-2.0.6 was marked ~arch (unstable) for most architectures. Since it was never marked as stable in the portage tree, only xchat users who have explictly added the unstable keyword to ACCEPT_KEYWORDS are affected. Users may updated affected machines to the patched version of xchat using the following commands: emerge sync emerge -pv '>=net-irc/xchat-2.0.6-r1' emerge '>=net-irc/xchat-2.0.6-r1' emerge clean [ Part 2, Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ]