From: khermansen at ht-technology.com (Kristian Hermansen)
Subject: Gaim Festival Logoff Vulnerability <= 0.81 (1.03)

DATE: Friday, December 3, 2004

After some playing around this week, there seem to be vulnerabilities in the Festival plugin (/usr/lib/gaim/festival.so) for Gaim. I tested version 0.81 in Gaim 1.03 with the ked_diphone voice. I'm not sure if these are already known and remain unpatched. Basically, by sending certain strings you can exploit it in various ways. ratjed and I ran into this last night while passing some code back and forth. For the most simple example try sending it these two strings concurrently:

--snip--
##printf("%s", "%s", "hello world");
##printf("%s", "hello world");
--snip--

It should close down Gaim immediately. You might be able to get it to delete files, but I have not put more than five minutes into analyzing it yet. I publish this in the event that there are other more dangerous strings that could be sent. Any feedback is greatly appreciated and if anyone has a patch please make it available...

CREDITS: ratjed and netsniper

--
Kristian Hermansen <khermansen@...technology.com>