CVE-2016-2087

Опубликовано: 18 янв. 2017

Источник: debian

Описание

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
xchat	fixed	2.8.8-10		package
xchat	no-dsa		jessie	package
hexchat	fixed	2.12.4-4		package
hexchat	no-dsa		stretch	package
hexchat	no-dsa		jessie	package

Примечания

https://www.exploit-db.com/exploits/39656/
https://github.com/hexchat/hexchat/issues/1933
https://github.com/hexchat/hexchat/commit/15600f405f2d5bda6ccf0dd73957395716e0d4d3
Would be included in upstream source since the upload 2.12.3-0.1 to unstable but the
Debian packaging reverts the 15600f405f2d5bda6ccf0dd73957395716e0d4d3 commit
The Debian packagging drops the revert in 2.12.4-4 to not diverge from upstream.

Связанные уязвимости

CVE-2016-2087

CVSS3: 7.4

ubuntu

около 9 лет назад

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.

CVE-2016-2087

CVSS3: 7.4

nvd

около 9 лет назад

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.

SUSE-SU-2020:2872-1

suse-cvrf

больше 5 лет назад

Security update for hexchat

GHSA-r36g-f4rx-gr5p

CVSS3: 7.4

github

больше 3 лет назад

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.