'Denial of Service' Vulnerability in XChat

[Asmo]

Over the past period several security related websites have posted news about a DoS exploit for the Windows version of XChat up to version 2.6.7. Code to abuse the exploit have been released as well.

"A few security web sites are reporting a 'Denial of Service' vulnerability in XChat <= 2.6.7 for Windows. This is incorrect, 2.6.7 is not affected, nor is 2.6.5a nor any recent version" XChat author Zed announced on the XChat website.

IRC-Junkie contacted Zed about this. "After closer research it appears no official version is vulnerable," Zed starts his reply. "It only applies to SilvereX's releases."

Due to the costs of compiling the Windows version Zed started asking a fee for the compiled Windows version. SilvereX is still releasing free Windows builds from time to time.

IRC-Junkie tried to contact SilvereX but have not gotten a reply yet.
_________________
Asmo

webmaster www.IRC-Junkie.org

[Horcsog]

They found a bug in every XChat, including 2.6.5 and 2.6.7. As the XChat officials said: there is no such bug in their release, only in SilvereX free releases. Wich is fun, because the latest from SilvereX is 2.6.4.1

So these "security related" sites looked into the future. The already know, that the next release will be vulnerable as well. I have to contact them for some lottery tips.

[Asmo]

Its a bit vague indeed. I tried to contact Silverex, who did replied today, but just with "what security issue do you mean?".

Guess story will be continued later on =)
_________________
Asmo

webmaster www.IRC-Junkie.org