Vulnerability Description
XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xchat | Xchat | 1.4.2 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000453
- http://marc.info/?l=bugtraq&m=101060676210255&w=2
- http://online.securityfocus.com/advisories/3806
- http://rhn.redhat.com/errata/RHSA-2002-005.html
- http://www.debian.org/security/2002/dsa-099 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/3830
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7856
FAQ
What is CVE-2002-0006?
CVE-2002-0006 is a vulnerability with a CVSS score of 7.5 (HIGH). XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command tha...
How severe is CVE-2002-0006?
CVE-2002-0006 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-0006?
Check the references section above for vendor advisories and patch information. Affected products include: Xchat Xchat.