Re: Re: XChat 2.8.4-1 - Multiple Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: XChat 2.8.4-1 - Multiple Vulnerabilities
From: omnipresent@xxxxxxxx
Date: 29 Mar 2008 17:41:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

>1) Password disclosure
>What priviledges on the system do you need to >read that process memory?
>With such priviledges, why don't you read the >data directly from the
>config file?

You can try to use the evil's ProcessMemoryDumper.

I dumped (and I've obtained user password) the memory from a limited User.

>2) Local Dos
>Is the build unoficial/unsupported from the XChat >team? Does the same
>bug exists in the official builds?

I've not tested the Official release.

>You talk about a local dos.. how can a user access >the tray icon of
>another user to trigger the crash?

The "bug" was found while I was working in a VPN..

Regards.

Prev by Date: Re: Internet explorer 7.0 spoofing
Next by Date: Proviso SiteKiosk File Download Vulnerability
Previous by thread: Re: XChat 2.8.4-1 - Multiple Vulnerabilities
Next by thread: [SECURITY] [DSA 1534-1] New iceape packages fix several vulnerabilities
Index(es):
- Date
- Thread