Red Hat Bugzilla – Bug 452815
CVE-2008-2841 xchat: command execution when xchat is started from the browser
Last modified: 2008-06-25 08:06:07 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2841 to the following vulnerability:
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
This seems to be IE flaw rather than xchat flaw, as this can be used to inject
additional command line arguments to any external protocol handler application.
Firefox does have a irc:// protocol handler, but seems to escape / URL-encode
arguments passed to external program properly (as any sane browse should do).
Additionally, --command argument to xchat was only introduced recently. It is
only supported in 2.8.6 currently only in Rawhide. Versions of xchat in Fedora
8 and 9, and Red Hat Enterprise Linux 2.1, 3, 4 and 5 do not support --command
command line argument.
Window$-only exploit, does not affect any version of Fedora or RHEL.