lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <004e01cc6089$6de0d920$49a28b60$@com>
Date: Mon, 22 Aug 2011 17:07:45 +1200
From: "Brett Moore" <advisories@...omniasec.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL
	Handling Remote Code Execution

___________________________________________________________________

 Insomnia Security Vulnerability Advisory: ISVA-110822.1
___________________________________________________________________

 Name: Pidgin IM Insecure URL Handling Remote Code Execution
 Reported: 21 July 2011
 
 Vendor Link:
    http://www.pidgin.im
 
 Affected Products:
    Pidgin Instant Messaging Client <= 2.9.0
     
 Original Advisory:
    http://www.insomniasec.com/advisories/ISVA-110822.1.htm
 
 Researcher:
    James Burton, Insomnia Security
    http://www.insomniasec.com
___________________________________________________________________


_______________

 Description
_______________

Pidgin is an open source instant messaging client that allows users
to log in to accounts on multiple chat networks simultaneously.

An insecure URL handling vulnerability exists in Pidgin <= 2.9.0
that can be exploited to cause remote code execution.

This vulnerability requires user interaction in the form of clicking
a malicious crafted URL.

_______________

 Details
_______________

Pidgin supports the use of URL handlers in IM sessions.  The Windows build
passes URLs directly to the ShellExecute API where they are executed under
the context of the user running the application.

When passed through a file:// URL a malicious executable can be hosted
and executed off a remote WEBDAV/SMB share.

This vulnerability requires user interaction in the form of clicking a
crafted URL but Pidgins Insert -> Link function gives the option of adding
a description which masks the underlying link. 

This makes the task of social engineering the target a trivial one.

This vulnerability has only been confirmed over Google-Talk though
exploitation over other chat networks may be possible.

_______________

 Solution
_______________

Upgrade to Pidgin 2.10.0 from http://www.pidgin.im/
The Pidgin changelog can be found http://developer.pidgin.im/wiki/ChangeLog

_______________

 Legals
_______________

The information is provided for research and educational purposes
only. Insomnia Security accepts no liability in any form whatsoever
for any direct or indirect damages associated with the use of this
information.

___________________________________________________________________
 
 Insomnia Security Vulnerability Advisory: ISVA-110822.1
___________________________________________________________________

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ