
XChat 2.8.4-1 - Multiple Vulnerabilities






1) Info
-------
Date : 2008-03-23
Product : XChat
Version : 2.8.4-1
Vendor : http://www.silverex.org/news/
Vendor Status :
2007-12-?? Not Informed!
2008-01-?? Vendor contacted!
2008-03-28 No reply from vendor. Published!


Description :
XChat is one of the most popular IRC clients for Unix-like systems.
It is also available for Microsoft Windows and Mac OS X.

silverex.org provides an unofficial free X-Chat build for Windows,
compiled on Windows XP SP2 with the Microsoft Visual Studio .NET 2003
Enterprise Architect C/C++ compiler.

Discovered/Provided By :

Giuseppe `Evilcry` Bonfa' - http://evilcry.altervista.org
Omni - http://omni.playhack.net

E-mail :

evilcry[at]NOSPAM-gmail[dot]com
omnipresent[at]NOSPAM-email[dot]it - omni[at]NOSPAM-playhack[dot]net


2) Security Issues
------------------

--- [ Password Disclosure Vulnerability ] ---
=============================================


XChat 2.8.4-1 is prone to a Password Disclosure Vulnerability that could
expose XChat users to a leak of sensitive information, such as the NickServ
and Server Password, allowing User Impersonation.

XChat leaves users' passwords in cleartext in memory. An attacker who obtains
a process memory dump of the XChat process can identify some constant strings
and, at some byte displacement from them, retrieve the passwords.


--- [ PoC ] ---
===============

If a user has saved his or her NickServ password or Server Password,
a malicious person can launch a process memory dumper, look through
the dumped memory and, with a simple string search, retrieve the
user password / server password.

Useful keywords:

ns identify
WHOIS %2 %2

Images:
http://omni.playhack.net/misc/FirstOccurr.png
http://omni.playhack.net/misc/SecondOccurr.png
http://omni.playhack.net/misc/NickServ.png


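Added example (not part of the original advisory and not XChat code): the "ns identify" command buffer handled without and with a wipe after sending, plus a self-check for leftover cleartext. All function names are hypothetical and the password is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the compiler cannot
   discard the stores as dead writes. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Return 1 if needle occurs anywhere in the n bytes at buf. */
static int buffer_contains(const char *buf, size_t n, const char *needle) {
    size_t m = strlen(needle);
    if (m == 0 || m > n) return 0;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

/* Hypothetical helper: format "ns identify <password>" into cmd, hand
   it to send (stand-in for the socket write, may be NULL), optionally
   wipe cmd. Returns 1 if the password is still readable in cmd
   afterwards, 0 if not, -1 if cmd was too small (wiped, nothing sent). */
int identify_residue(char *cmd, size_t cap, const char *password,
                     void (*send)(const char *, size_t), int wipe) {
    int len = snprintf(cmd, cap, "ns identify %s", password);
    if (len < 0 || (size_t)len >= cap) {
        secure_wipe(cmd, cap);
        return -1;
    }
    if (send) send(cmd, (size_t)len);
    if (wipe) secure_wipe(cmd, cap);
    return buffer_contains(cmd, cap, password);
}

/* Run the helper on a constructed password (not a real credential). */
int demo_residue(size_t cap, int wipe) {
    char cmd[128] = {0};
    if (cap > sizeof cmd) cap = sizeof cmd;
    return identify_residue(cmd, cap, "constructed-sample-pw", NULL, wipe);
}

int main(void) {
    printf("no wipe: residue=%d\n", demo_residue(128, 0));
    printf("wiped:   residue=%d\n", demo_residue(128, 1));
    printf("too small: %d\n", demo_residue(8, 0));
    return 0;
}
```

A plain memset before a buffer goes out of scope may be removed by the optimizer; on Windows, SecureZeroMemory serves the same purpose as the volatile loop. Wiping shortens the lifetime of transient copies only; a saved password that the client must reload for reconnects still needs protection at rest.
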
--- [ Local DoS ] ---
=====================


A local DoS (Denial of Service) Vulnerability has been found
in XChat 2.8.4-1 (unofficial).

This vulnerability can be exploited by a malicious person with a simple
click on XChat's icon in the tray bar.
After the click on that icon, XChat will crash.

Windows API used to put the application in the tray bar: Shell_NotifyIcon.

Info registers:

EDI: 0x7ffd6000
EBX: 0x0012d8e8
EIP: 0x7c91eb94
ESI: 0x00000000
ECX: 0x00001000
EBP: 0x0012d95c
EAX: 0x01180000
EDX: 0x7c91eb94

--- [ Patch ] ---
=================

- No patch available from the vendor.
