
X-Chat Command Execution via URL Vulnerability


Published: 2000-04-16
Updated: 2000-04-16
Severity:
Threat level: ordinary user access privileges
Error type: input validation error
Exploit mode: server mode

Affected systems
X-Chat X-Chat 1.5.x dev
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- Slackware Linux 7.1
- SGI IRIX 6.5
- SGI IRIX 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- RedHat Linux 6.2E i386
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- RedHat Linux 6.0 i386
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- HP HP-UX 11.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Debian Linux 2.2
- Debian Linux 2.1
X-Chat X-Chat 1.4.2
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- Slackware Linux 7.1
- SGI IRIX 6.5
- SGI IRIX 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- RedHat Linux 6.2E i386
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- RedHat Linux 6.0 i386
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- HP HP-UX 11.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Debian Linux 2.2
- Debian Linux 2.1
X-Chat X-Chat 1.4.1
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- Slackware Linux 7.1
- SGI IRIX 6.5
- SGI IRIX 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- RedHat Linux 6.2E i386
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- RedHat Linux 6.0 i386
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- HP HP-UX 11.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Debian Linux 2.2
- Debian Linux 2.1
X-Chat X-Chat 1.4
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- Slackware Linux 7.1
- SGI IRIX 6.5
- SGI IRIX 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- RedHat Linux 6.2E i386
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- RedHat Linux 6.0 i386
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- HP HP-UX 11.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Debian Linux 2.2
- Debian Linux 2.1
X-Chat X-Chat 1.3.9
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- Slackware Linux 7.1
- SGI IRIX 6.5
- SGI IRIX 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- RedHat Linux 6.2E i386
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- RedHat Linux 6.0 i386
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- HP HP-UX 11.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Debian Linux 2.2
- Debian Linux 2.1
X-Chat X-Chat 1.3.13
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- Slackware Linux 7.1
- SGI IRIX 6.5
- SGI IRIX 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- RedHat Linux 6.2E i386
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- RedHat Linux 6.0 i386
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- HP HP-UX 11.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Debian Linux 2.2
- Debian Linux 2.1
X-Chat X-Chat 1.3.12
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- Slackware Linux 7.1
- SGI IRIX 6.5
- SGI IRIX 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- RedHat Linux 6.2E i386
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- RedHat Linux 6.0 i386
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- HP HP-UX 11.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Debian Linux 2.2
- Debian Linux 2.1
X-Chat X-Chat 1.3.11
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- Slackware Linux 7.1
- SGI IRIX 6.5
- SGI IRIX 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- RedHat Linux 6.2E i386
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- RedHat Linux 6.0 i386
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- HP HP-UX 11.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Debian Linux 2.2
- Debian Linux 2.1
X-Chat X-Chat 1.3.10
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- Slackware Linux 7.1
- SGI IRIX 6.5
- SGI IRIX 6.4
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- RedHat Linux 6.2E i386
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- RedHat Linux 6.0 i386
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.0
- HP HP-UX 11.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Debian Linux 2.2
- Debian Linux 2.1
Detailed description
The X-Chat IRC client, version 1.3.9 and later, contains a vulnerability: by placing a command between backticks (`...`) inside a URL, arbitrary commands can be executed. Whether the attack succeeds depends mainly on whether the X-Chat user opens that link.

When X-Chat launches Netscape, it does not check the supplied URL for shell metacharacters, so an attacker can use the shell's expansion capability to execute commands in the same context in which Netscape is launched.

http://www.altavista.com/?x=`date`y="`date`"
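The defect described above, as an added example that is not X-Chat's own code: a launcher that splices the URL into a shell command string lets a backtick expression in the link run as a command, while building an argv array and calling execvp() hands the same URL to the browser as literal text. The function names, the `netscape -remote` command line and the use of `true` as a stand-in browser are assumptions for illustration.

```c
/* Added example (hypothetical code, not from X-Chat): shell-string URL
   launching versus no-shell launching. */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

/* Characters a POSIX shell treats specially inside a command string:
   backtick and $ trigger command/variable substitution, quotes and
   backslash change quoting state, the rest separate or redirect commands. */
static const char SHELL_META[] = "`$\"'\\;|&<>()\n";

/* Returns 1 if url contains at least one shell metacharacter, else 0.
   Note that '&' is legal in URLs, so a shell-based launcher cannot simply
   reject everything in this set without breaking ordinary links; the
   robust fix is to keep the shell out of the path entirely. */
int url_has_shell_meta(const char *url)
{
    return url != NULL && strpbrk(url, SHELL_META) != NULL;
}

/* The vulnerable pattern (only builds the string; it is never passed to
   system() here): the URL is spliced into a shell command line, so a URL
   carrying `date` is expanded by the shell before netscape ever sees it.
   Returns 1 on success, 0 if the buffer was too small. */
int vulnerable_build_command(const char *url, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "netscape -remote 'openURL(%s)' &", url);
    return n >= 0 && (size_t)n < outlen;
}

/* Hardened pattern: build an argv array. execvp() passes each element to
   the browser verbatim with no shell in between, so metacharacters in the
   URL stay literal text. Returns the argument count, or -1 on bad input. */
int build_browser_argv(const char *browser, const char *url,
                       const char *argv[], int max)
{
    if (browser == NULL || url == NULL || max < 3)
        return -1;
    argv[0] = browser;
    argv[1] = url;
    argv[2] = NULL;
    return 2;
}

/* Launch the browser without a shell: fork, execvp the argv built above,
   and return the child's exit status (or -1 on failure). */
int safe_open_url(const char *browser, const char *url)
{
    const char *argv[3];
    if (build_browser_argv(browser, url, argv, 3) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);            /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* The URL from the advisory above; constructed demo input. */
    const char *url = "http://www.altavista.com/?x=`date`y=\"`date`\"";
    char cmd[256];
    vulnerable_build_command(url, cmd, sizeof cmd);
    printf("shell metacharacters present: %d\n", url_has_shell_meta(url));
    printf("string a shell-based launcher would run: %s\n", cmd);
    /* `true` stands in for the browser so the demo has no side effects. */
    printf("no-shell launch exit status: %d\n", safe_open_url("true", url));
    return 0;
}
```

The detection function is what a hardened version of the old shell-based launcher would have needed; the argv-based launcher needs no such filter for correctness, because nothing between the client and the browser interprets the URL.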

Test code
See the description section.

Solution
None yet.

Related information