
| Subject: | XChat 2.8.4-1 - Multiple Vulnerabilities |
|---|---|
| Date: | 28 Mar 2008 16:37:52 -0000 |

1) Infos
---------
Date            : 2008-03-23
Product         : XChat
Version         : 2.8.4-1
Vendor          : http://www.silverex.org/news/
Vendor Status   : 2007-12-?? Not Informed!
                  2008-01-?? Vendor contacted!
                  2008-03-28 No reply from vendor. Published!

Description     : XChat is one of the most popular IRC clients for Unix-like systems. It is also available for Microsoft Windows and Mac OS X. silverex.org made an unofficial free X-Chat build for Windows, compiled on Windows XP SP2 with the Microsoft Visual Studio .NET 2003 Enterprise Architect C/C++ compiler.

Discovered/Provided By : Giuseppe `Evilcry` Bonfa' - http://evilcry.altervista.org
                         Omni - http://omni.playhack.net

E-mail          : evilcry[at]NOSPAM-gmail[dot]com
                  omnipresent[at]NOSPAM-email[dot]it - omni[at]NOSPAM-playhack[dot]net

2) Security Issues
-------------------

--- [ Password Disclosure Vulnerability ] ---
===============================================

XChat 2.8.4-1 is prone to a Password Disclosure Vulnerability that could expose XChat users to a leak of sensitive information, such as the NickServ and server passwords, allowing user impersonation.

XChat leaves users' passwords in clear in memory. An attacker could carve them from a process memory dump of the XChat process and then, by identifying some constant strings, it is possible, with some byte displacement, to retrieve the passwords.

--- [ PoC ] ---
===============

If a user has saved his/her own NickServ password or server password, a malicious person can launch a process memory dumper, look through the dumped memory, and with a simple string search retrieve the user password / server password.

Useful keyword: ns identify WHOIS %2 %2

Images:
http://omni.playhack.net/misc/FirstOccurr.png
http://omni.playhack.net/misc/SecondOccurr.png
http://omni.playhack.net/misc/NickServ.png

--- [ Local DoS ] ---
===============================================

A local DoS (Denial of Service) vulnerability has been found in XChat 2.8.4-1 (unofficial).

This vulnerability can be exploited by a malicious person with a simple click on XChat's icon in the tray bar. After the click on that icon, XChat will crash.

Windows API used to put the application in the tray bar: Shell_NotifyIcon.

Info registers:
EDI: 0x7ffd6000
EBX: 0x0012d8e8
EIP: 0x7c91eb94
ESI: 0x00000000
ECX: 0x00001000
EBP: 0x0012d95c
EAX: 0x01180000
EDX: 0x7c91eb94

--- [ Patch ] ---
===============

- No patch available from the vendor.
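
The password disclosure issue above comes from secrets staying resident in process memory. The following is an added example, not code from XChat or from the advisory's authors, showing one defensive pattern in C: build the identify command in a scratch buffer, send it, then wipe both the command and the password on every path. The function names, the `send_fn` hook and the sample values are assumptions made for illustration, and a client using this pattern would have to re-read a saved password from storage whenever it needs it again.

```c
/* Added example: keep an IRC password in memory only while it is sent. */
#include <stdio.h>
#include <string.h>

typedef int (*send_fn)(const char *line, size_t len); /* hypothetical transport hook */

/* Zero through a volatile pointer so the optimizer cannot drop the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Format "ns identify <password>", hand it to send_line, then wipe both the
 * command scratch buffer and the caller's password buffer on every path.
 * Returns 0 on success, -1 if the command did not fit or the send failed. */
int identify_and_wipe(char *password, size_t pw_cap,
                      char *cmd, size_t cmd_cap, send_fn send_line) {
    int rc = -1;
    int n = snprintf(cmd, cmd_cap, "ns identify %s", password);
    if (n > 0 && (size_t)n < cmd_cap)
        rc = send_line(cmd, (size_t)n) == 0 ? 0 : -1;
    secure_wipe(cmd, cmd_cap);
    secure_wipe(password, pw_cap);
    return rc;
}

/* Constructed stand-in for a socket write: records only the length. */
static size_t last_sent_len;
static int demo_send(const char *line, size_t len) {
    (void)line;
    last_sent_len = len;
    return 0;
}

/* Returns 1 if every byte of buf is zero. */
static int all_zero(const char *buf, size_t n) {
    while (n--) if (*buf++) return 0;
    return 1;
}

int main(void) {
    char pw[32] = "constructed-sample-pw"; /* constructed value, not a real secret */
    char cmd[64];
    int rc = identify_and_wipe(pw, sizeof pw, cmd, sizeof cmd, demo_send);
    printf("rc=%d sent=%zu wiped=%d\n", rc, last_sent_len,
           all_zero(pw, sizeof pw) && all_zero(cmd, sizeof cmd));
    return 0;
}
```

Wiping shortens the window in which a memory dump contains the secret; it does not protect a password that the application keeps loaded for automatic re-identification.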