Pidgin MSN memory corruption issue

Mark Doliner mark at kingant.net
Thu Feb 18 04:42:39 EST 2010


I don't know what he is referring to.

--Mark

On Tue, Feb 16, 2010 at 6:34 AM, Jan Lieskovsky <jlieskov at redhat.com> wrote:
> Hi Mark,
>
>  Warren mentioned today, there might be yet another, modified
> reproducer for CVE-2010-0277 (not the Java one). If so,
> could you please share it with us?
>
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
> Mark Doliner wrote:
>>
>> On Wed, Feb 10, 2010 at 9:15 AM, Jan Lieskovsky <jlieskov at redhat.com>
>> wrote:
>>>
>>> Hi Mark,
>>>
>>>  thanks for the reproducer.
>>>
>>> Regarding the crash mentioned in gdb.txt:
>>>
>>> (19:43:24) msn: switchboard send msg..
>>> (19:43:24) GLib: g_queue_is_empty: assertion `queue != NULL' failed
>>> (19:43:24) g_log: msn_cmdproc_send_trans: assertion `cmdproc != NULL' failed
>>>
>>> Program received signal SIGSEGV, Segmentation fault.
>>>
>>> What was the version of Pidgin, you reproduced on?
>>
>> I do not know--this file comes directly from the person who found the
>> problem.
>>
>>> Tried two Fedora ones (pidgin-2.6.5-1, already with the CVE-2010-0013
>>> patch applied, and pidgin-2.6.4-1), got two Hotmail MSN accounts:
>>>
>>> iankko at hotmail.com/somePass, iankkotest at hotmail.com/somePass
>>>
>>> when logged into Pidgin (started under gdb) as 'iankkotest', starting up
>>> the java PidginExploit in the form of:
>>>
>>> java PidginExploit iankko at hotmail.com somePass iankkotest at hotmail.com
>>>
>>> and inviting 'iankko at hotmail.com' from 'iankkotest at hotmail.com'
>>> (see attached further_steps.txt), the only (verbose) gdb output I can
>>> see is (attached result.txt) -- no crash, just some assertion message.
>>>
>>> Could you advise what I am doing wrong here? (Or, once Pidgin was
>>> patched for CVE-2010-0013, the crash isn't present anymore, just
>>> some valgrind warnings?)
>>
>> I don't think you're doing anything wrong.  I think Pidgin patched for
>> CVE-2010-0013 is less likely to crash, and will just show valgrind
>> warnings.
>>
>> --Mark
>
>

