Red Hat Linux 6.2 Security Advisory
Back to Security Advisories

 
Red Hat, Inc. Security Advisory
Synopsis XChat can pass URLs from IRC to a shell
Advisory ID RHSA-2000:055-03
Issue Date 2000-08-22
Updated On 2000-08-23
Product Red Hat Linux
Keywords XChat IRC shell
Cross References N/A


1. Topic:

A new XChat package is available that fixes a possible
security hole.

2. Problem description:

XChat allows users to right-click on a URL appearing
in an IRC discussion and select "Open in Browser." To
open the URL in a browser, XChat passes it to /bin/sh.
So, a malicious URL could execute arbitrary shell commands
as the user running XChat. This errata changes XChat to
bypass the shell and execute the browser directly.

3. Bug IDs fixed: (see bugzilla for more information)

N/A -

4. Relevant releases/architectures:

Red Hat Linux 6.2 - i386, alpha, sparc

5. RPMs required:

Red Hat Linux 6.2:

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/xchat-1.4.0-2.sparc.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/xchat-1.4.0-2.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/xchat-1.4.0-2.i386.rpm

sources:
ftp://updates.redhat.com/6.2/en/os/SRPMS/xchat-1.4.0-2.src.rpm

6. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

7. Verification:

MD5 sum                           Package Name
-------------------------------------------------------------------------
0642e627980c723b64a865662b27c638  6.2/en/os/SRPMS/xchat-1.4.0-2.src.rpm
79491287b1b683bd882f5ddcf0429018  6.2/en/os/alpha/xchat-1.4.0-2.alpha.rpm
285f31993a4084659c38b13d3f8f9c41  6.2/en/os/i386/xchat-1.4.0-2.i386.rpm
5878e8cd14c2aacb59ea3d05e379ca67  6.2/en/os/sparc/xchat-1.4.0-2.sparc.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
http://www.redhat.com/about/contact.html

You can verify each package with the following command: rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename

Note that you need RPM >= 3.0 to check GnuPG keys.

8. References:

Reported to BUGTRAQ by Zenith Parsec.