Pidgin 2.4.1 Vulnerability

From: <jplopezy_at_nospam>
Date: Thu Jun 26 2008 - 04:15:11 GMT
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

Application: Pidgin 2.4.1
OS: Linux - Ubuntu 8.04

1 - Description 2 - Vulnerability 3 - POC/EXPLOIT
------------------------------------------------------
Description

Pidgin is an instant messaging program with which you can use a number of protocols known as (MSN, ICQ, AIM).

While there is Pidgin 2.4.2 version which was not provided in this version so I could not say whether it was also vulnerable.

Vulnerability

The vulnerability works sending files with the protocol msn (I did not test at all protocols), if a file is sent with a long name and special characters and this causes the program to break.

If we analyze the vulnerability with a debugger you can see a flaw in the following function

0xb62abaeb in msn_slplink_process_msg

According with the characters used, the fault may vary in other functions.

POC/EXPLOIT For proof of the concept you should create a file either (never mind the extension) with the maximum allowable characters, with the following characteristics.

ASCII = (‣ ․ ‥ … ) HEX = ( 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85 )

Juan Pablo Lopez Yacubian

This message: [ Message body ]
Next message: jplopezy_at_nospam: "Evolution Vulnerability"
Previous message: tan_prathan_at_nospam: "The Rat CMS (SQL/XSS) Multiple Remote Vulnerabilities"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]