
Pidgin 2.4.1 Vulnerability



Application: Pidgin 2.4.1
OS: Linux - Ubuntu 8.04
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description

Pidgin is an instant messaging program that supports a number of protocols, such as MSN, ICQ and AIM.

There is also a Pidgin 2.4.2 version, which was not provided in this version, so I could not say whether it is also vulnerable.

------------------------------------------------------
Vulnerability

The vulnerability is triggered by sending files over the MSN protocol (I did not test all protocols):
if a file is sent with a long name containing special characters, the program crashes.

If we analyze the vulnerability with a debugger, we can see a flaw in the following function:

0xb62abaeb in msn_slplink_process_msg

Depending on the characters used, the fault may occur in other functions.

------------------------------------------------------
POC/EXPLOIT

For a proof of concept, create any file (the extension does not matter) with the maximum allowable number of characters,
with the following characteristics:

ASCII = (‣ ․ ‥ =85 )

HEX = ( 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85 )

------------------------------------------------------
Juan Pablo Lopez Yacubian
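
The HEX sequence above ends in a lone 0x85 byte, which is not well-formed UTF-8. The following receiver-side check is an added example, not part of the original advisory and not Pidgin's code or fix: it rejects over-long or ill-formed file names before any further parsing. The advisory does not identify the root cause, so the function names, the 255-byte limit and the rejected characters are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed limit for this example; not a value taken from Pidgin or the MSN protocol. */
#define MAX_NAME_BYTES 255

/* Length (1-4) of the well-formed UTF-8 sequence at s, or 0 if it is ill-formed. */
static size_t utf8_seq_len(const unsigned char *s, size_t left)
{
    unsigned char c = s[0];
    size_t n, i;
    uint32_t cp, min;

    if (c < 0x80) return 1;
    else if ((c & 0xE0) == 0xC0) { n = 2; cp = c & 0x1F; min = 0x80; }
    else if ((c & 0xF0) == 0xE0) { n = 3; cp = c & 0x0F; min = 0x800; }
    else if ((c & 0xF8) == 0xF0) { n = 4; cp = c & 0x07; min = 0x10000; }
    else return 0;              /* lone continuation byte (such as 0x85) or 0xF8+ */
    if (n > left) return 0;     /* sequence truncated by end of buffer */
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    /* Reject overlong encodings, surrogates and values beyond U+10FFFF. */
    if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
    return n;
}

/* Returns 1 if a received file name is acceptable, 0 if the transfer should be refused. */
int transfer_name_ok(const unsigned char *name, size_t len)
{
    size_t i = 0, n;

    if (name == NULL || len == 0 || len > MAX_NAME_BYTES) return 0;
    while (i < len) {
        unsigned char c = name[i];
        /* Example policy: no control characters or path separators in a name. */
        if (c < 0x20 || c == 0x7F || c == '/' || c == '\\') return 0;
        n = utf8_seq_len(name + i, len - i);
        if (n == 0) return 0;
        i += n;
    }
    return 1;
}
```

The length passed in must be the byte count taken from the wire, not the result of `strlen`, so that embedded NUL bytes are rejected by the control-character check rather than silently truncating the name.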
