Date:         Tue, 29 Aug 2000 18:14:12 -0400
From: "Helix Code, Inc." <security@HELIXCODE.COM>
Subject:      Helix Code Security Advisory - X-Chat
To: BUGTRAQ@SECURITYFOCUS.COM

HELIX CODE, INC.                                             SECURITY ADVISORY
security@helixcode.com                                 Issue Date: 29 Aug 2000

PACKAGES AFFECTED:
X-Chat 1.4.2 and previous for all supported distributions.

SYNOPSIS:
A vulnerability in the X-Chat IRC client allows a malicious URL to execute
arbitrary shell commands as the user running X-Chat.

DESCRIPTION:
X-Chat has a feature that allows a user to right-click on a URL in an IRC
window and open it in a browser. When executing the browser command, X-Chat
passes the URL to /bin/sh, so any shell metacharacters in the URL are
interpreted by the shell. A malicious URL could therefore be crafted to run
arbitrary commands or scripts on the system if a user opens it.
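As an added example (not X-Chat's own code, nor the maintainers' fix), the following C launcher shows the class of fix the advisory implies: the browser is started with fork/execvp so the URL is a single argv element that no shell ever parses, with a scheme and character allowlist as a second line of defence. The browser path, the allowed schemes and the 2048-byte length limit are assumptions.

```c
/* Added example (not X-Chat's code): open a URL without going through
 * /bin/sh, so metacharacters in the URL reach the browser as plain data. */
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern, for contrast (never do this):
 *   snprintf(cmd, sizeof cmd, "netscape '%s' &", url); system(cmd);
 * /bin/sh parses the whole string, URL included. */

/* Allow only http/https/ftp URLs built from RFC 2396 URL characters;
 * this rejects whitespace, control bytes, quotes, backticks and '|'. */
int url_is_safe(const char *url)
{
    static const char *schemes[] = { "http://", "https://", "ftp://" };
    static const char extra[] = "-._~:/?#[]@!$&'()*+,;=%";
    size_t i, n = strlen(url);
    int ok = 0;

    for (i = 0; i < 3; i++)
        if (strncmp(url, schemes[i], strlen(schemes[i])) == 0)
            ok = 1;
    if (!ok || n > 2048)            /* assumed length limit */
        return 0;
    for (i = 0; i < n; i++)
        if (!isalnum((unsigned char)url[i]) && !strchr(extra, url[i]))
            return 0;
    return 1;
}

/* Fork and execvp the browser with the URL as one argv element.
 * Returns the browser's exit status, or -1 if the URL is rejected or
 * the child could not be waited for; 127 means exec itself failed. */
int open_url_without_shell(const char *browser, const char *url)
{
    pid_t pid;
    int status;
    if (!url_is_safe(url) || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)browser, (char *)url, NULL };
        execvp(browser, argv);   /* no shell: argv[1] is never parsed */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The tests below stand in `/bin/echo` for the browser; a real deployment would pass the user's configured browser binary and, as X-Chat does, detach the child rather than wait for it.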

SOLUTION:
A new version of X-Chat has been released by the maintainers which eliminates
this vulnerability.

AVAILABILITY:
An essential update is available immediately from Helix Code, Inc. via the
Helix GNOME Updater and from the following URLs:

For Caldera OpenLinux eDesktop 2.4 systems:
http://spidermonkey.helixcode.com/distributions/Caldera-2.4/xchat-1.4.3-0_helix_1.i386.rpm

For Debian GNU/Linux potato (2.2) and woody systems:
http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat_1.4.3-helix1_i386.deb
http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat-common_1.4.3-helix1_all.deb
http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat-text_1.4.3-helix1_i386.deb
http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat-gnome_1.4.3-helix1_i386.deb

For LinuxPPC systems:
http://spidermonkey.helixcode.com/distributions/LinuxPPC/xchat-1.4.3-0_helix_1.ppc.rpm

For Linux Mandrake systems:
http://spidermonkey.helixcode.com/distributions/Mandrake/xchat-1.4.3-0mdk_helix_1.i586.rpm

For Red Hat Linux systems:
http://spidermonkey.helixcode.com/distributions/RedHat-6/xchat-1.4.3-0_helix_1.i386.rpm

For Solaris running on UltraSparc systems:
http://spidermonkey.helixcode.com/distributions/Solaris/xchat-1.4.3-0_helix_1.sparc64.rpm

For SuSE 6.3 systems:
http://spidermonkey.helixcode.com/distributions/SuSE/xchat-1.4.3-0_helix_1.i386.rpm

For SuSE 6.4 systems:
http://spidermonkey.helixcode.com/distributions/SuSE-6.4/xchat-1.4.3-0_helix_1.i386.rpm

For TurboLinux systems:
http://spidermonkey.helixcode.com/distributions/TurboLinux-6/xchat-1.4.3-0_helix_1.i386.rpm

VERIFICATION:

Copyright (c) 2000 Helix Code, Inc.