Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.50829
Kategorie:Mandrake Local Security Checks
Titel:Mandrake Security Advisory MDKSA-2002:051 (xchat)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to xchat
announced via advisory MDKSA-2002:051.

In versions of the xchat IRC client prior to version 1.8.9, xchat does
not filter the response from an IRC server when a /dns query is
executed. xchat resolves hostnames by passing the configured resolver
and hostname to a shell, so an IRC server may return a malicious
response formatted so that arbitrary commands are executed with the
privilege of the user running xchat.

Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0382
http://online.securityfocus.com/bid/4376/info/

Risk factor : High

CVSS Score:
7.5

Querverweis: BugTraq ID: 4376
Common Vulnerability Exposure (CVE) ID: CVE-2002-0382
http://www.securityfocus.com/bid/4376
Bugtraq: 20020327 Xchat /dns command execution vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=101725430425490&w=2
Conectiva Linux advisory: CLA-2002:526
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000526
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-051.php
http://www.redhat.com/support/errata/RHSA-2002-097.html
http://www.redhat.com/support/errata/RHSA-2002-124.html
http://www.iss.net/security_center/static/8704.php
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.