[Fwd: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727]

Paul Aurich darkrain42 at pidgin.im
Fri Jul 31 16:09:55 EDT 2009


The attachment appears to be encrypted.
~Paul

And Luke Schierer spoke on 07/31/2009 12:22 PM, saying:
> ---------------------------- Original Message ----------------------------
> Subject: Re: [Advisories] Libpurple security vulnerability CORE-2009-0727
> From:    "Core Security Advisories Team (jo)"
> <advisories-publication at coresecurity.com>
> Date:    Fri, July 31, 2009 14:39
> To:      "Luke Schierer" <lschiere at pidgin.im>
> Cc:      "Federico Muttis" <acid at corest.com>
>          "CORE Security Technologies Advisories-publication"
> <advisories-publication at coresecurity.com>
> --------------------------------------------------------------------------
> 
> Luke,
> 
> Here is the PoC that triggers the bug. To run exploit.py you must first
> edit msnclient.py:
> 
>        # Setup some MSN accounts
>        self.account = "Attacker MSN account"
>        self.password = "Attacker password"
>        self.victim = "Victim MSN Account"
>        self.display_name = "My Display Name"
> 
>        # Set your proxy if you need it, with this format:
>        #self.proxy = "192.168.254.254:80"
>        # Else, leave it blank.
>        self.proxy = ""
> 
> Don't hesitate to write if you have any doubt or comment.
> 
> Regards,
> Jose.
> 
> Luke Schierer escribió:
>> We have looked into the code and we're not sure how this can be triggered.
>> You have outlined a two-step process. For the second step, you say
>> buffer is NULL, thus allowing a memcpy to an arbitrary location.
>> However, we don't see how this could happen. The buffer should either
>> have been allocated in the first step, or if that fails, the original
>> message would be destroyed. And without that, the second part could
>> not occur. So, how are you getting buffer to be NULL?
>>
>> Thanks!
>>
>> Luke
>>
>> On Jul 30, 2009, at 13:17 EDT, Core Security Advisories Team (jo) wrote:
>>
>>
>>> Hi,
>>> I am attaching a preliminary version of the advisory, written by
>>> Federico Muttis, encrypted with Luke's key. Don't hesitate to write back
>>> if you have any doubts or comments.  We are planning to release the
>>> advisory on August 18th, 2009.
>>> Regards,
>>> Jose.
>>> --José I. Orlicki
>>> Advisories Team
>>> Core Security Technologies
>>>
>> http://corelabs.coresecurity.com/index.php?module=FrontEndMod&action=list&type=advisory
>>
>>> <pidgin-1.txt.pgp>
> 



More information about the Packagers mailing list