Pidgin / lib purple XMPP remote crash

jv.gutierrezb at gmail.com jv.gutierrezb at gmail.com
Mon Apr 23 13:11:42 EDT 2012


Tested with the new DLL. The patch seems to be working :)

Regards,

El 21/04/2012, a las 07:41, Eion Robb escribió:

> Here ya'r
> 
> On 21 April 2012 03:11, jv.gutierrezb at gmail.com <jv.gutierrezb at gmail.com> wrote:
>> Seems that I'll need that patched DLL after all. Linux seems to handle much faster the wrong Stream hosts addresses and I'm unable to trigger the bug with the same PoC.
>> 
>> 
>> El 20/04/2012, a las 16:36, Paul Aurich escribió:
>> 
>>> And jv.gutierrezb at gmail.com spoke on 04/20/2012 03:39 AM, saying:
>>>> I've just tested your patch in a linux environment and works fine. I can't
>>>> build WinPidgin, but if you provide me the patched DLL I'll test it.
>>> 
>>> Are you able to reproduce the crash in a linux environment w/o the patch?
>>> If so, that makes me comfortable in the fix.  Otherwise, I'd like to nudge
>>> someone to build a new DLL for you, just to be safe.
>>> 
>>>> Btw, i just introduced a typo in the POC name and you reproduced it in the
>>>> name of the patch. Actually the CVE is CVE-2012-2214 and not 2012-2144.
>>>> Excuse the mistake please.
>>> 
>>> Oops, thanks.  I saved the patch referencing the name of your PoC script (heh).
>>> 
>>> --
>>> Paul Aurich
>>> 
>> 
>> _______________________________________________
>> security mailing list
>> security at pidgin.im
>> http://pidgin.im/cgi-bin/mailman/listinfo/security
> <libpurple.dll>



More information about the security mailing list