[Bug 21065] New: ctcp version reveals too much info
bugzilla-daemon at bugzilla.ubuntu.com
Thu Dec 15 18:00:28 UTC 2005
Please do not reply to this email. You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=21065
Ubuntu | xchat
Summary: ctcp version reveals too much info
Product: Ubuntu
Version: unspecified
Platform: All
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: xchat
AssignedTo: debzilla at ubuntu.com
ReportedBy: james.troup at ubuntu.com
QAContact: desktop-bugs at lists.ubuntu.com
| 17:49 CTCP VERSION reply from user: xchat 2.4.4 Linux 2.6.12-3-386 [i686/598.67MHz]
There's no need for xchat to reveal the exact version+abi of the kernel the user
is running; doing so merely allows an attacker to trivially determine a list of
potentially vulnerable victims, and this much info isn't trivially obtainable by
other means from a default Ubuntu box (i.e. no open services).
(The CPU + processor info is harmless but also entirely unnecessary.)
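Added example (not part of the bug report and not xchat code): a small Python check that takes the payload of a CTCP VERSION reply, flags the kernel-release and hardware fields the report objects to, and produces a reduced string. The function names, the OS-name list and the choice to keep the bare OS name are assumptions made for illustration; the sample payload is constructed from the reply quoted in the report.

```python
import re

# Kernel release after an OS name, e.g. "Linux 2.6.12-3-386" (group 1 = OS name).
# The OS-name list is an assumption for this example, not taken from xchat.
KERNEL_RE = re.compile(
    r"\b(Linux|FreeBSD|NetBSD|OpenBSD|Darwin)\s+\d+(?:\.\d+)+[\w.+~-]*")
# Bracketed hardware block holding a CPU architecture or clock speed.
HW_RE = re.compile(
    r"\[[^\]]*(?:\d+(?:\.\d+)?\s*[MG]Hz|i[3-6]86|x86_64|amd64)[^\]]*\]",
    re.IGNORECASE)


def ctcp_version_text(payload):
    """Return the text of a CTCP VERSION reply, or None if payload is not one.

    CTCP messages are delimited by \\x01 bytes inside the NOTICE payload.
    """
    if len(payload) < 2 or payload[0] != "\x01" or payload[-1] != "\x01":
        return None
    command, _, text = payload[1:-1].partition(" ")
    return text if command.upper() == "VERSION" else None


def audit(text):
    """List (category, matched_text) pairs for host details found in text."""
    findings = []
    for category, pattern in (("kernel-release", KERNEL_RE), ("hardware", HW_RE)):
        match = pattern.search(text)
        if match:
            findings.append((category, match.group(0)))
    return findings


def minimize(text):
    """Keep client name/version and the bare OS name; drop release and hardware."""
    reduced = KERNEL_RE.sub(lambda m: m.group(1), text)
    reduced = HW_RE.sub("", reduced)
    return " ".join(reduced.split())


if __name__ == "__main__":
    # Constructed payload built from the reply quoted in the report.
    sample = "\x01VERSION xchat 2.4.4 Linux 2.6.12-3-386 [i686/598.67MHz]\x01"
    reply = ctcp_version_text(sample)
    for category, value in audit(reply):
        print(f"discloses {category}: {value}")
    print("reduced reply:", minimize(reply))
```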