Re: XChat 2.8.4-1 - Multiple Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: XChat 2.8.4-1 - Multiple Vulnerabilities
From: fabio <ctrlaltca@xxxxxxxxx>
Date: Fri, 28 Mar 2008 19:13:36 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 2.0.0.12 (X11/20080213)

1) Password disclosure

What priviledges on the system do you need to read that process memory?With such priviledges, why don't you read the data directly from theconfig file?

2) Local Dos

Is the build unoficial/unsupported from the XChat team? Does the samebug exists in the official builds?You talk about a local dos.. how can a user access the tray icon ofanother user to trigger the crash?


Please explain

CtrlAltCa

Prev by Date: Immunity Debugger 1.5
Next by Date: Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities
Previous by thread: XChat 2.8.4-1 - Multiple Vulnerabilities
Next by thread: Re: Re: XChat 2.8.4-1 - Multiple Vulnerabilities
Index(es):
- Date
- Thread