Lots of crashes (exploitable?) reported in Fedora
Vincent Danen
vdanen at redhat.com
Tue Apr 17 15:09:19 EDT 2012
* [2012-04-13 14:19:51 -0400] Ethan Blanton wrote:
>Vincent Danen spake unto us the following wisdom:
>> Hi folks. I'm not sure whether this should be considered
>> security-sensitive or not, but we've had a number of crashes reported on
>> pidgin in Fedora:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=720781
>
>Are the extra threads created by the crash-reporting process, or is
>Fedora doing something stupid with plugins? I see at least some of
>those include third-party plugins, some of which I do not recognize.
Sorry for not getting back to this sooner.
I don't believe abrt would be adding anything to those calls, but I'm
not 100% familiar with it. They could very well be third-party plugins
causing this (I suspect users can download and install their own plugins
outside of what we provide in Fedora).
>The threads seem to be using different glib contexts, so they may be
>safe, but ...
>
>> The bug is public as these were all sent by abrt collecting info on
>> Pidgin crashes and they seem to be all over the place. I have not much
>> experience with Pidgin or trying to determine whether or not these might
>> be considered security flaws, but could you take a look at the bug and
>> see if might be?
>>
>> Again, the bug is public but I wanted to give you a heads-up. I don't
>> believe these are more than crashes, but at least one user in the bug
>> seems to think these should be security-relevant.
>
>The crash-on-demand from a jabber call is indeed concerning.
I'm cc'ing Jonathan who maintains pidgin on RHEL, as he may have more
insight into this than I, and Stu who is the Fedora maintainer of
pidgin.
>From what I understand of abrt, if the hash is the same (which it should
be since all these reports keep getting added to this one bug), then the
issue is being triggered in the same place (if it were triggered
somewhere else, my understanding is that the abrt hash would change).
So it looks like the underlying problem might be the same across the
board, but it just shows up in different ways or circumstances?
--
Vincent Danen / Red Hat Security Response Team
More information about the security
mailing list