Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code.

A straightforward stack-based buffer overflow exists in XChat's Socks5 proxy support.

The XChat developers report that `tsifra' discovered this issue.

NOTE: XChat Socks5 support is disabled by support in the FreeBSD Ports Collection.

An updated xchat package that fixes a stack-based buffer overflow in the SOCKSv5 proxy code.

X-Chat is a graphical IRC chat client for the X Window System.

A stack-based buffer overflow has been fixed in the SOCKSv5 proxy code. An attacker could create a malicious SOCKSv5 proxy server in such a way that X-Chat would execute arbitrary code if a victim configured X-Chat to use the proxy. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0409 to this issue.

Users of X-Chat should upgrade to this erratum package, which contains a backported security patch, and is not vulnerable to this issue.

A buffer overflow has been discovered in the Socks-5 proxy code of XChat, an IRC client for X similar to AmIRC. This allows an attacker to execute arbitrary code on the users' machine.

The remote host is affected by the vulnerability described in GLSA-200404-15 (XChat 2.0.x SOCKS5 Vulnerability)

    The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit.
    Users would have to be using XChat through a SOCKS 5 server, enable     SOCKS 5 traversal which is disabled by default and also connect to an     attacker's custom proxy server.
  Impact :

    This vulnerability may allow an attacker to run arbitrary code within     the context of the user ID of the XChat client.
  Workaround :

    A workaround is not currently known for this issue. All users are     advised to upgrade to the latest version of the affected package.

A remotely exploitable vulnerability was discovered in the Socks-5 proxy code in XChat. By default, socks5 traversal is disabled, and one would also need to connect to an attacker's own custom proxy server in order for this to be exploited. Successful exploitation could lead to arbitrary code execution as the user running XChat.

The provided packages are patched to prevent this problem.

ID	Name	Product	Family	Severity
37503	FreeBSD : xchat remotely exploitable buffer overflow (Socks5) (8338a20f-9573-11d8-9366-0020ed76ef5a)	Nessus	FreeBSD Local Security Checks	high
15633	RHEL 2.1 / 3 : xchat (RHSA-2004:585)	Nessus	Red Hat Local Security Checks	high
15330	Debian DSA-493-1 : xchat - buffer overflow	Nessus	Debian Local Security Checks	high
14480	GLSA-200404-15 : XChat 2.0.x SOCKS5 Vulnerability	Nessus	Gentoo Local Security Checks	high
14135	Mandrake Linux Security Advisory : xchat (MDKSA-2004:036)	Nessus	Mandriva Local Security Checks	high

Detections

Analytics

CVE-2004-0409

critical

Tenable Plugins

high

high

high

high

high