CVE-2002-0006 | Vulnerability Database | Aqua Security

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.

Affected Software

Name	Vendor	Start Version	End Version
Xchat	Xchat	1.4.2 (including)	1.4.2 (including)
Xchat	Xchat	1.4.3 (including)	1.4.3 (including)
Red Hat Linux 6.2	RedHat		*
Red Hat Linux 7.0	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.2	RedHat		*

References

http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000453
http://marc.info/?l=bugtraq\u0026m=101060676210255\u0026w=2
http://online.securityfocus.com/advisories/3806
http://rhn.redhat.com/errata/RHSA-2002-005.html
http://www.debian.org/security/2002/dsa-099
http://www.securityfocus.com/bid/3830
https://exchange.xforce.ibmcloud.com/vulnerabilities/7856
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000453
http://marc.info/?l=bugtraq\u0026m=101060676210255\u0026w=2
http://online.securityfocus.com/advisories/3806
http://rhn.redhat.com/errata/RHSA-2002-005.html
http://www.debian.org/security/2002/dsa-099
http://www.securityfocus.com/bid/3830
https://exchange.xforce.ibmcloud.com/vulnerabilities/7856

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0006
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html