[<prev] [next>] [day] [month] [year] [list]
Message-ID: <004e01cc6089$6de0d920$49a28b60$@com>
Date: Mon, 22 Aug 2011 17:07:45 +1200
From: "Brett Moore" <advisories@...omniasec.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL
Handling Remote Code Execution
___________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-110822.1
___________________________________________________________________
Name: Pidgin IM Insecure URL Handling Remote Code Execution
Reported: 21 July 2011
Vendor Link:
http://www.pidgin.im
Affected Products:
Pidgin Instant Messaging Client <= 2.9.0
Original Advisory:
http://www.insomniasec.com/advisories/ISVA-110822.1.htm
Researcher:
James Burton, Insomnia Security
http://www.insomniasec.com
___________________________________________________________________
_______________
Description
_______________
Pidgin is an open source instant messaging client that allows users
to log in to accounts on multiple chat networks simultaneously.
An insecure URL handling vulnerability exists in Pidgin <= 2.9.0
that can be exploited to cause remote code execution.
This vulnerability requires user interaction in the form of clicking
a malicious crafted URL.
_______________
Details
_______________
Pidgin supports the use of URL handlers in IM sessions. The Windows build
passes URLs directly to the ShellExecute API where they are executed under
the context of the user running the application.
When passed through a file:// URL a malicious executable can be hosted
and executed off a remote WEBDAV/SMB share.
This vulnerability requires user interaction in the form of clicking a
crafted URL but Pidgins Insert -> Link function gives the option of adding
a description which masks the underlying link.
This makes the task of social engineering the target a trivial one.
This vulnerability has only been confirmed over Google-Talk though
exploitation over other chat networks may be possible.
_______________
Solution
_______________
Upgrade to Pidgin 2.10.0 from http://www.pidgin.im/
The Pidgin changelog can be found http://developer.pidgin.im/wiki/ChangeLog
_______________
Legals
_______________
The information is provided for research and educational purposes
only. Insomnia Security accepts no liability in any form whatsoever
for any direct or indirect damages associated with the use of this
information.
___________________________________________________________________
Insomnia Security Vulnerability Advisory: ISVA-110822.1
___________________________________________________________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists