CVE-2002-0006 - XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attacker

CVE-2002-0006

Summary

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.

References

Vulnerable Configurations

cpe:2.3:a:xchat:xchat:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:xchat:xchat:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:xchat:xchat:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:xchat:xchat:1.4.3:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-10-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2002:005

refmap via4

bid	3830
bugtraq	20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
conectiva	CLA-2002:453
debian	DSA-099
hp	HPSBTL0201-016
xf	xchat-ctcp-ping-command(7856)

Last major update

10-10-2017 - 01:30

Published

25-06-2002 - 04:00

Last modified

10-10-2017 - 01:30