[oss-security] CVE request - pidgin MSN arbitrary file upload

Mark Doliner mark at kingant.net
Thu Jan 14 17:14:52 EST 2010


Just want to be clear I'm not missing anything... the specific bits of
that pdf that Nico Golde is concerned about are:
"3. Try to implement a standalone exploit for the
   file download vuln without copy/pasting from
   wireshark.
4. Whoever does NOT trip over a memory
   corruption bug in SLP-code wins."

Right?

Also curious: Has anyone contacted the author of that pdf to request
that any future security problems be disclosed to us privately before
being released publicly?

--Mark

On Sat, Jan 9, 2010 at 1:00 PM, Paul Aurich <paul at darkrain42.org> wrote:
> FYI.
> ~Paul
>
> Begin forwarded message:
>>
>> From: "Steven M. Christey" <coley at linus.mitre.org>
>> Date: January 9, 2010 10:08:49 PST
>> To: oss-security at lists.openwall.com
>> Cc: bressers at redhat.com
>> Subject: Re: [oss-security] CVE request - pidgin MSN arbitrary file upload
>> Reply-To: oss-security at lists.openwall.com
>>
>>
>> On Thu, 7 Jan 2010, Nico Golde wrote:
>>
>>> While everyone is talking about the file inclusion vulnerability which is
>>> really important, has anyone investigated the SLP memory corruption issue yet?
>>> Page 24: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
>>
>>
>> Use CVE-2010-0277 for the memory corruption.
>>
>> - Steve
>>
>> ======================================================
>> Name: CVE-2010-0277
>> Status: Candidate
>> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277
>> Reference: MLIST:[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload
>> Reference: URL:http://www.openwall.com/lists/oss-security/2010/01/07/2
>> Reference: MISC:http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
>>
>> slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and
>> Adium 1.3.8 allows remote attackers to cause a denial of service
>> (memory corruption) or possibly have unspecified other impact via
>> unknown vectors, a different issue than CVE-2010-0013.
>>
>>