Bug 121333

Summary: CAN-2004-0409 XChat buffer overflow in socks5 proxy
Product: Red Hat Enterprise Linux 3 Reporter: Mark J. Cox <mjc>
Component: xchatAssignee: Daniel Reed <djr>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: bressers, mharris
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-10-27 15:14:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark J. Cox 2004-04-20 15:52:59 UTC 
A flaw in the XChat's Socks-5 proxy code could allow arbitrary code
execution.  To exploit this flaw an attacker would need to create a
malicious socks-5 proxy that the victim connects to.

         CAN-2004-0409 Affects: 3AS 3ES 3WS
         CAN-2004-0409 Affects: 2.1AS 2.1AW 2.1ES 2.1WS

This issue was public on Mon, 5 Apr 2004
Comment 1 Daniel Reed 2004-04-20 21:16:05 UTC 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0409 links to
http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html for 
more information.

"XChat's Socks-5 proxy code is vulnerable to a remote exploit. To
successfully exploit the code, you would need to enable socks5 
traversal (default off) and connect to the attacker's own custom
proxy server.

"If you never intend to use a Socks5 proxy, you are not affected at
all by this issue."
Comment 2 Josh Bressers 2004-06-23 15:17:36 UTC 
This will be RHSA-2004:297.
Comment 3 Josh Bressers 2004-10-27 15:14:19 UTC 
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-585.html
Comment 4 John Flanagan 2004-12-20 17:37:57 UTC 
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-297.html