New potential DoS vulnerability

Stu Tomlinson stu at nosnilmot.com
Thu Dec 23 22:00:03 EST 2010


On Wed, 2010-12-22 at 18:39 -0500, John Bailey wrote:
> We have yet another potential denial of service vulnerability in our MSN code.
>  It's a null pointer dereference due to receiving a "short" packet for a direct
> connection.  This vulnerability was discovered by Stu Tomlinson, and Elliott
> Sales de Andrade provided the attached patch, which he believes fixes the issue.
> 
> I believe, but am not certain, that this vulnerability *should* affect only
> libpurple 2.7.6, 2.7.7, and 2.7.8, as previous versions do not cause the MSN
> servers to send us the "short" packets that cause the crash.  Any developer with
> better knowledge of this should chime in and correct my mistakes (if any).

I should clarify that because this is in the direct connection code it
is not dependent on what the servers send us but rather what other
clients send, so is susceptible to attack by malicious clients.

I think only libpurple 2.7.6-2.7.8 are vulnerable because it was
introduced by the MSN code remodelling that was merged in 2.7.6, not due
to what the servers send.

Regards,


Stu.
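As an added illustration of the bug class under discussion (this is not the patch Elliott provided, which is not reproduced on this page, and it is not libpurple's real MSN direct-connection format): a hypothetical frame parser in C showing the unchecked pattern that dereferences NULL on a short packet beside a hardened version that validates the length before touching any field. The framing, function names and sample packets are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical direct-connection framing, not libpurple's actual MSN format:
 * a 4-byte little-endian payload length, followed by the payload bytes. */
#define DC_HDR_LEN 4u

typedef struct {
    uint32_t len;           /* declared payload length */
    const uint8_t *payload; /* points into the caller's receive buffer */
} dc_msg_t;

/* Constructed sample packets from a hypothetical peer. */
const uint8_t dc_sample_good[]  = {0x02, 0x00, 0x00, 0x00, 0xAB, 0xCD}; /* len 2, 2 bytes */
const uint8_t dc_sample_short[] = {0x05, 0x00};                         /* header truncated */
const uint8_t dc_sample_lie[]   = {0x10, 0x00, 0x00, 0x00, 0x01};       /* claims 16, has 1 */

/* Vulnerable pattern: the helper returns NULL for a short packet and the
 * caller uses the result without checking, so a malicious peer sending a
 * truncated frame crashes the client (the class of bug described above). */
const uint8_t *dc_payload_unchecked(const uint8_t *buf, size_t buflen)
{
    if (buflen < DC_HDR_LEN)
        return NULL;          /* dc_first_byte_unsafe never checks for this */
    return buf + DC_HDR_LEN;
}
uint8_t dc_first_byte_unsafe(const uint8_t *buf, size_t buflen)
{
    const uint8_t *p = dc_payload_unchecked(buf, buflen);
    return p[0];              /* NULL dereference when buflen < DC_HDR_LEN */
}

/* Hardened version: reject the frame before any field is dereferenced.
 * Returns 0 on success, -1 for a short or inconsistent packet. */
int dc_parse(const uint8_t *buf, size_t buflen, dc_msg_t *out)
{
    if (buf == NULL || out == NULL || buflen < DC_HDR_LEN)
        return -1;            /* short packet: not enough bytes for a header */
    uint32_t len = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                   ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    if (len == 0 || len > buflen - DC_HDR_LEN)
        return -1;            /* declared length must fit the bytes received */
    out->len = len;
    out->payload = buf + DC_HDR_LEN;
    return 0;
}

/* Safe caller: stores the first payload byte in *out, or returns -1 untouched. */
int dc_first_byte_safe(const uint8_t *buf, size_t buflen, uint8_t *out)
{
    dc_msg_t m;
    if (dc_parse(buf, buflen, &m) != 0)
        return -1;
    *out = m.payload[0];
    return 0;
}
```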
