Fwd: Pidgin MSN memory corruption issue
Paul Aurich
paul at darkrain42.org
Sun Jan 17 14:14:55 EST 2010
I haven't looked at any of this yet (but I am confirming with him that there's no embargo date).
~P
Begin forwarded message:
>
> From: Fabian Yamaguchi <fabs at recurity-labs.com>
> Date: January 17, 2010 11:06:42 PST
> To: Paul Aurich <darkrain42 at pidgin.im>
> Subject: Re: Pidgin MSN memory corruption issue
>
> Hey Paul,
>
> I've assembled some information for you to reproduce the issue. The
> attached tarball includes a proof of concept exploit, two packet-logs,
> one from the attacker to the server and another from the server to the
> attacked host, and a backtrace obtained from gdb.
>
> To run the code, you'll need the newest SVN-snapshot of the java MSN
> Library, which you can find at: http://jml.blathersource.org/.
>
> Hope this helps you guys fix the issue.
>
> Fabian
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidginMemoryCorruption.tar.gz
Type: application/x-compressed-tar
Size: 27632 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100117/4f6b4c45/attachment-0001.bin>
-------------- next part --------------
>
More information about the security
mailing list