Pidgin MSN memory corruption issue

Jan Lieskovsky jlieskov at redhat.com
Tue Feb 16 09:34:46 EST 2010


Hi Mark,

   Warren mentioned today that there might be yet another, modified
reproducer for CVE-2010-0277 (not the Java one). If so,
could you please share it with us?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Mark Doliner wrote:
> On Wed, Feb 10, 2010 at 9:15 AM, Jan Lieskovsky <jlieskov at redhat.com> wrote:
>> Hi Mark,
>>
>>  thanks for the reproducer.
>>
>> Regarding the crash mentioned in gdb.txt:
>>
>> (19:43:24) msn: switchboard send msg..
>> (19:43:24) GLib: g_queue_is_empty: assertion `queue != NULL' failed
>> (19:43:24) g_log: msn_cmdproc_send_trans: assertion `cmdproc != NULL' failed
>>
>> Program received signal SIGSEGV, Segmentation fault.
>>
>> What was the version of Pidgin you reproduced on?
> 
> I do not know--this file comes directly from the person who found the problem.
> 
>> Tried two Fedora ones (pidgin-2.6.5-1, already with the CVE-2010-0013
>> patch applied) and pidgin-2.6.4-1, got two Hotmail MSN accounts:
>>
>> iankko at hotmail.com/somePass, iankkotest at hotmail.com/somePass
>>
>> when logged into Pidgin (started under gdb) as 'iankkotest', starting up the
>> java PidginExploit in the form of:
>>
>> java PidginExploit iankko at hotmail.com somePass iankkotest at hotmail.com
>>
>> and inviting 'iankko at hotmail.com' from 'iankkotest at hotmail.com'
>> (see attached further_steps.txt), the only (verbose) gdb output I can see
>> is (attached result.txt) -- no crash, just some assertion message.
>>
>> Could you advise what I am doing wrong here? (Or once Pidgin was
>> patched for CVE-2010-0013, the crash isn't present anymore, just
>> some valgrind warnings?)
> 
> I don't think you're doing anything wrong.  I think Pidgin patched for
> CVE-2010-0013 is less likely to crash, and will just show valgrind
> warnings.
> 
> --Mark
