Fwd: Pidgin MSN memory corruption issue

Paul Aurich paul at darkrain42.org
Sun Jan 17 14:14:55 EST 2010


I haven't looked at any of this yet (but I am confirming with him that there's no embargo date).

~P

Begin forwarded message:
> 
> From: Fabian Yamaguchi <fabs at recurity-labs.com>
> Date: January 17, 2010 11:06:42 PST
> To: Paul Aurich <darkrain42 at pidgin.im>
> Subject: Re: Pidgin MSN memory corruption issue
> 
> Hey Paul,
> 
> I've assembled some information for you to reproduce the issue. The
> attached tarball includes a proof of concept exploit, two packet-logs,
> one from the attacker to the server and another from the server to the
> attacked host, and a backtrace obtained from gdb.
> 
> To run the code, you'll need the newest SVN-snapshot of the java MSN
> Library, which you can find at: http://jml.blathersource.org/.
> 
> Hope this helps you guys fix the issue.
> 
> Fabian
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidginMemoryCorruption.tar.gz
Type: application/x-compressed-tar
Size: 27632 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20100117/4f6b4c45/attachment-0001.bin>
-------------- next part --------------
> 




More information about the security mailing list