ID de Prueba:	1.3.6.1.4.1.25623.1.0.51536
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2002:526
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2002:526. XChat is a popular graphical IRC client available in most linux distributions. XChat prior to version 1.8.9 has a vulnerability[1] that may allow a remote attacker to execute arbitrary commands in the IRC client context. The vulnerability resides in the way xchat handles the IRC server response for the /dns command. It passes the response directly to a shell without filtering it. An attacker with administration privileges in the IRC server can insert escaped commands in such a response, which will be executed by the client's shell. Please note that in order to have this vulnerability exploited, the xchat user must be connected to an IRC server where the attacker has administration privileges and must also run the /dns command. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://marc.theaimsgroup.com/?l=bugtraq&m=101725430425490&w=2 http://distro.conectiva.com.br/bugzilla/show_bug.cgi?id=6596 https://secure1.securityspace.com/smysecure/catid.html?in=CLA-2002:526 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002 Risk factor : High
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.