|Main Archive Page > Month Archives > bugtraq archives|
Application: Pidgin 2.4.1
OS: Linux - Ubuntu 8.04
Pidgin is an instant messaging program with which you can use a number of protocols known as (MSN, ICQ, AIM).
While there is Pidgin 2.4.2 version which was not provided in this version so I could not say whether it was also vulnerable.
The vulnerability works sending files with the protocol msn (I did not test at all protocols), if a file is sent with a long name and special characters and this causes the program to break.
If we analyze the vulnerability with a debugger you can see a flaw in the following function
0xb62abaeb in msn_slplink_process_msg
According with the characters used, the fault may vary in other functions.
ASCII = (‣ ․ ‥ … ) HEX = ( 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85 )