| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 26 Jun 2008 04:15:11 -0000 From: jplopezy@...il.com To: bugtraq@...urityfocus.com Subject: Pidgin 2.4.1 Vulnerability Application: Pidgin 2.4.1 OS: Linux - Ubuntu 8.04 ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description Pidgin is an instant messaging program with which you can use a number of protocols known as (MSN, ICQ, AIM). While there is Pidgin 2.4.2 version which was not provided in this version so I could not say whether it was also vulnerable. ------------------------------------------------------ Vulnerability The vulnerability works sending files with the protocol msn (I did not test at all protocols), if a file is sent with a long name and special characters and this causes the program to break. If we analyze the vulnerability with a debugger you can see a flaw in the following function 0xb62abaeb in msn_slplink_process_msg According with the characters used, the fault may vary in other functions. ------------------------------------------------------ POC/EXPLOIT For proof of the concept you should create a file either (never mind the extension) with the maximum allowable characters, with the following characteristics. ASCII = (‣ ․ ‥ … ) HEX = ( 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85 ) ------------------------------------------------------ Juan Pablo Lopez Yacubian
Powered by blists - more mailing lists