CHAT: XChat SOCKS 5 Buffer Overrun

This signature detects attempts to exploit a known vulnerability against an XChat client, an IRC client for UNIX. XChat versions 1.8.0 through 2.0.8 are vulnerable. Because the XChat client does not properly validate user input, an attacker can use a malicious IRC server to overflow a buffer and execute arbitrary code on the target host.

Extended Description

A remotely exploitable buffer overrun was reported in XChat. This issue exists in the SOCKS 5 proxy code. This stack-based buffer overrun could be exploited by a malicious proxy server if SOCKS 5 traversal has been enabled in the client. Successful exploitation will result in execution of arbitrary code as the client user. It should be noted that SOCKS 5 traversal is not enabled by default and this issue only poses a risk if the victim user deliberately connects to an attacker's SOCKS 5 proxy server.

Affected Products

X-chat x-chat

Short Name
CHAT:IRC:OVERFLOW:XCHAT-SOCKS
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
CHAT
Keywords
5 Buffer CVE-2004-0409 Overrun SOCKS XChat bid:10168
Release Date
05/19/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
Port
TCP/6667-7000
False Positive
Unknown
Vendors

Red_hat

X-chat

Netwosix

CVSS Score

7.5

Found a potential security threat?