Remote crash in gaim-text
Richard Nelson
wabz at whatsbeef.net
Tue Mar 6 05:03:00 EST 2007
On Tuesday 06 March 2007 18:09, Mark Doliner wrote:
> Unless someone objects, wabz, do you think you could write up some info on
> the vulnerability?
I'll reply now because my mails to cabal still appear to be grey-listed for a
very long time (is there a way for me to tell if this is my ISP's fault?).
Title: gaim-text format string bug
Summary: Carefully crafted strings supplied by remote users can cause the
client to crash or possibly lead to remote code execution.
Description: Several gnt widgets used the ncurses library function mvwprintw
with format strings supplied by gaim-text, which could be supplied by remote
users.
Fix: All instances of mvwprintw with only 4 arguments were changed to
mvwaddstr.
> How does this sound: We check in a fix to MTN as soon as possible We hold
> off on checking a fix into Subversion so as to avoid people noticing the
> bug (unless the fix is already been checked in?).
Yeah, the fix is currently in mtn (rev f59170f3) and not svn.
-- Richard Nelson
More information about the Cabal
mailing list