Additional Security issues

Daniel Atallah daniel.atallah at gmail.com
Tue Feb 5 17:11:10 EST 2013


Folks,

There are a number of additional issues that I'm aware of (and have
something of a patch to address).

I think I had alluded to these in my previous email about the Coverity analysis.

 * CID 732103 - Fix non-NUL terminated buffer during oscar direct connection negotiation.
 ** I think this one is pretty severe - my patch is certainly not ideal
 * CID 731954, 731953, 731952, 731951, 731950 - UPnP buffer overflows
 ** This is pretty severe too; the particularly concerning value here is line 790 - setting the IP from the http response
 * CID 731949 - normalizing a really long sametime username overflows buffer
 ** Not sure if this is possible to trigger over the wire - I'm not familiar enough with sametime

I meant to send these out a while ago, but didn't get to it.  Sorry about that.

-D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CID732103.patch
Type: application/octet-stream
Size: 1008 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130205/3c5ab934/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: UPnP.patch
Type: application/octet-stream
Size: 2471 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130205/3c5ab934/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CID731949.patch
Type: application/octet-stream
Size: 637 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20130205/3c5ab934/attachment-0002.obj>
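The two bug classes named above, a buffer left without its NUL terminator (CID 732103) and an IP value copied from an HTTP response into a fixed buffer (the UPnP CIDs), as an added, constructed C illustration; this is not the attached patches or Pidgin's code, and the header name, buffer size and sample response are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumed fixed-size destination: room for "255.255.255.255" plus NUL. */
#define IP_BUF_LEN 16

/* The hazard in CID 732103's class: strncpy() writes exactly n bytes and adds
 * no NUL when the source is n bytes or longer, so a later strlen(), printf("%s")
 * or string compare reads past the end of dst. Shown only to contrast. */
static void copy_ip_unsafe(char dst[IP_BUF_LEN], const char *src)
{
    strncpy(dst, src, IP_BUF_LEN);
}
/* Hardened copy: reject anything that does not fit or is not digits/dots, then
 * copy an exact length and terminate explicitly. dst is "" on failure. */
static bool copy_ip_safe(char dst[IP_BUF_LEN], const char *src, size_t src_len)
{
    dst[0] = '\0';
    if (src_len == 0 || src_len >= IP_BUF_LEN)
        return false;
    for (size_t i = 0; i < src_len; i++)
        if (!((src[i] >= '0' && src[i] <= '9') || src[i] == '.'))
            return false;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return true;
}
/* Extract "name: value" from a raw HTTP response. Network data is treated as
 * length-delimited, never as a C string, so an unterminated buffer cannot
 * be over-read here. Returns true and fills dst only on a well-formed value. */
static bool ip_from_http_header(char dst[IP_BUF_LEN], const char *resp,
                                size_t resp_len, const char *name)
{
    size_t name_len = strlen(name);
    const char *p = resp, *end = resp + resp_len;
    dst[0] = '\0';
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        size_t line_len = eol ? (size_t)(eol - p) : (size_t)(end - p);
        if (line_len > name_len && strncmp(p, name, name_len) == 0 && p[name_len] == ':') {
            const char *v = p + name_len + 1;
            size_t v_len = line_len - name_len - 1;
            while (v_len && (*v == ' ' || *v == '\t')) { v++; v_len--; }      /* skip LWS */
            while (v_len && (v[v_len - 1] == '\r' || v[v_len - 1] == ' ')) v_len--;
            return copy_ip_safe(dst, v, v_len);
        }
        if (!eol) break;
        p = eol + 1;
    }
    return false;
}
```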