lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4AA3EC75.7060102@icysilence.org>
Date: Sun, 06 Sep 2009 19:08:05 +0200
From: Cristofaro Mune <pulsoid@...silence.org>
To: full-disclosure@...ts.grok.org.uk
Subject: IS-2009-001 - Pidgin IRC TOPIC message DOS

Security Advisory

IS-2009-001 - Pidgin IRC TOPIC message DOS


Advisory Information
--------------------
Published:
2009-09-03

Updated:
2009-09-06

Vulnerable:
Pidgin 2.6.1
Previous versions may be also affected.

Not Vulnerable:
Pidgin 2.6.2

Vulnerability Details
---------------------
Class:
Denial of Service

Remote:
Yes

Local:
No

Public References:
CVE: CVE-2009-2703
BugtraqID: 36277


Summary:
A malicious IRC server may perform a remote denial of service by sending
a malformed IRC TOPIC message.
Application crash will occur upon reception of such message.


Details:
A properly crafted IRC TOPIC message is able to trigger a NULL pointer
dereference in the libpurple code portion devoted to IRC message parsing.
The relevant code is located in libpurple/protocols/irc inside the
pidgin source tree.

Failure in populating a zero-filled array with the proper values, will
occur when parsing some TOPIC messages that do not include a topic
description field.
Such an array will then be processed by irc_msg_topic in msgs.c and
irc_mirc2txt in parse.c, without being checked for the presence of NULL
values.
This leads to a NULL pointer dereference in irc_mirc2txt, causing a
segmentation fault and the application crash.

An attacker could also trigger the vulnerability by properly injecting,
by any means, a '\r\n' sequence into a valid TOPIC message.


Solution:
Upgrade to Pidgin 2.6.2


Additional Information
----------------------
A more detailed analysis is available on http://www.icysilence.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ