| CVE-2008-2841 |
|
发布时间 :2008-06-24 15:41:00 | ||
| 修订时间 :2009-04-14 01:32:49 | ||||
| NMCOE |
[原文]Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the –command parameter in an ircs:// URI.
[CNNVD]XChat ircs:// URI 任意命令执行漏洞(CNNVD-200806-335)
X-Chat是一款免费开放源代码的IRC客户端。
X-Chat在处理ircs URI时存在输入验证错误,如果用户在运行时受骗使用Internet Explorer浏览了恶意站点的话,远程攻击者就可以通过带有–command参数的ircs URI在用户系统上执行任意命令。
–
CVSS (基础分值)
| CVSS分值: | 6.8 | [中等(MEDIUM)] |
| 机密性影响: | PARTIAL | [很可能造成信息泄露] |
| 完整性影响: | PARTIAL | [可能会导致系统文件被修改] |
| 可用性影响: | PARTIAL | [可能会导致性能下降或中断资源访问] |
| 攻击复杂度: | MEDIUM | [漏洞利用存在一定的访问条件] |
| 攻击向量: | NETWORK | [攻击者不需要获取内网访问权或本地访问权] |
| 身份认证: | NONE | [漏洞利用无需身份认证] |
–
CWE (弱点类目)
| CWE-94 | [对生成代码的控制不恰当(代码注入)] |
–
CPE (受影响的平台与产品)
| cpe:/a:xchat:xchat:2.8.7b | XChat XChat 2.8.7b |
| cpe:/a:microsoft:ie | Microsoft Internet Explorer |
–
OVAL (用于检测的技术细节)
| 未找到相关OVAL定义 |
–
官方数据库链接
–
其它链接及资源
|
http://xforce.iss.net/xforce/xfdb/43065 (UNKNOWN) XF xchat-ircs-command-execution(43065) |
|
http://www.securityfocus.com/bid/29696 (UNKNOWN) BID 29696 |
|
http://www.milw0rm.com/exploits/5795 (UNKNOWN) MILW0RM 5795 |
|
http://secunia.com/advisories/30695 (VENDOR_ADVISORY) SECUNIA 30695 |
|
http://forum.xchat.org/viewtopic.php?t=4218 (UNKNOWN) CONFIRM http://forum.xchat.org/viewtopic.php?t=4218 |
–
漏洞信息
| XChat ircs:// URI 任意命令执行漏洞 | |
| 中危 | 代码注入 |
| 2008-06-24 00:00:00 | 2009-04-14 00:00:00 |
| 远程 | |
| X-Chat是一款免费开放源代码的IRC客户端。 X-Chat在处理ircs URI时存在输入验证错误,如果用户在运行时受骗使用Internet Explorer浏览了恶意站点的话,远程攻击者就可以通过带有–command参数的ircs URI在用户系统上执行任意命令。 |
|
–
公告与补丁
|
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: http://www.xchat.org/files/binary/win32/xchat-2.8.7c.exe |
–
漏洞信息 (5795)
| XChat <= 2.8.7b (URI Handler) Remote Code Execution Exploit (ie6/ie7) (EDBID:5795) | |
| windows | remote |
| 2008-06-13 | Verified |
| 0 | securfrog |
N/A |
[点击下载] |
################################################################################################################## # # Xchat <= 2.8.7b Remote Code Execution (tested on Windows XP SP1+SP2+SP3, IE6 & IE7 fully patched) # Vendor : http://xchat.org/ # Affected Os : Windows * # Risk : critical # # This bug is related to the URI Handler vulnerability but the approch is a bit different. # We don't use any % or ../../../ as the others related bugs, just a single " # According to the registry , when the IRCS:// URI is called , the command launched is : # C:\Program Files\xchat\xchat.exe --existing --url="%1" # # The xchat --help option tells us : # " --command=COMMAND :Send a command to existing xchat " # # So we add a simple " at the end of the URL and we're in business ? # Yep =) ircs://[email protected]" --command "shell calc" # # Note: The victim needs to be connected to an irc server , and also need IE * . # # # # Greetz: French/Quebec community, http://spiritofhack.net/ # # "If in times like theses you can talk about individual freedoom, you're propably a terrorist" # # Poc: this only launch the calc, sky is the limit passed this point.Welcome to my personal website # milw0rm.com [2008-06-13]
–
漏洞信息
46196 |
|
| XChat Crafted ircs URI Handling Arbitrary Remote Command Execution | |
Remote / Network Access |
Input Manipulation |
| Loss of Integrity | Upgrade |
| Exploit Public | Vendor Verified |
–
漏洞描述
–
时间线
2008-06-13 |
Unknow |
| 2008-06-13 | Unknow |
–
解决方案
| Upgrade to version 2.8.7c or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
–
相关参考
|
–
漏洞作者
| Unknown or Incomplete |
![[八卦] 王婷婷—揭秘一个大三女生的性爱录像-微慑信息网-VulSee.com](http://free.86hy.com/crack/pic/1.jpg)
![[随笔]今天国际警察节-微慑信息网-VulSee.com](http://photo.sohu.com/20041017/Img222528326.jpg)
青云网
