Message-ID: <1102058176.5981.27.camel@localhost>
From: khermansen at ht-technology.com (Kristian Hermansen)
Subject: Gaim Festival Logoff Vulnerability <= 0.81 (1.03)

DATE: Friday, December 3, 2004

After some playing around this week, there seem to be vulnerabilities
in the Festival plugin (/usr/lib/gaim/festival.so) for Gaim.  I tested
version 0.81 in Gaim 1.03 with the ked_diphone voice.  I'm not sure if
these are already known and remain unpatched.  Basically, by sending
certain strings you can exploit it in various ways.  ratjed and I ran
into this last night while passing some code back and forth.  For the
most simple example try sending it these two strings concurrently:

--snip--
##printf("%s", "%s", "hello world");
##printf("%s", "hello world");
--snip--

It should close down Gaim immediately.  You might be able to get it to
delete files, but I have not put more than five minutes into analyzing
it yet.  I publish this in the event that there are other more dangerous
strings that could be sent.  Any feedback is greatly appreciated and if
anyone has a patch please make it available...

CREDITS: ratjed and netsniper
-- 
Kristian Hermansen <khermansen@...technology.com>

