MXit security flaws
Andrew.Victor at mxit.com
Tue Jan 29 16:56:00 EST 2013
>>>>> CID 732105:
>>>>> * Copy into fixed size buffer. In mxit_encrypt_password: A source
>>>>> buffer of statically unknown size is copied into a fixed-size
>>>>> destination buffer
>>> This wasn't a security problem, right? As in, it wasn't possible for
>>> a remote user or remote server to cause this field to overflow, right?
>> This looks like a potential buffer overflow if the user entered a too long
>> (> 57 character) password.
> Right, so a Pidgin user could crash himself, but there's no danger of
> a remote-user triggering this crash in a local Pidgin instance.
Yes, it can only be triggered by the local user entering a too long password.
Either by entering it in the account details form, or by trying to change their password.
It cannot be triggered remotely.
> > When do you plan to make the 2.10.7 release?
> I'm thinking maybe 2 weeks from now? We still need to fix another
> issue, then notify Linux distributions and give them time to build
> patched packages.
All the necessary MXit fixes are now applied to release-2.x.y (except the http security patch one).
This fix <http://hg.pidgin.im/pidgin/main/rev/f7b7a6c58ad3> should also be applied to 2.10.7. Without it Pidgin occasionally crashes or freezes when closing the conversation window.
There is also what I am guessing is a GTK issue with drop-down lists (purple_request_field_list).
If you look at the attached screenshot, the "Your Country" and "Your Language" should display a list for the user to select an option - but the list element is being drawn with a 0-pixel (or very very small) height.
This happens on Ubuntu 12.04 (GTK 2.24.10), but not Ubuntu 10.04 (GTK 2.20.1).
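The Coverity finding discussed in this thread (an unbounded copy of a password into a fixed-size buffer), shown as an added example that is not part of the original message and is not Pidgin's code. It assumes a 64-byte block with a hypothetical 7-byte header, which leaves 57 bytes for the password and so matches the limit mentioned above; all function and macro names are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout, not taken from the Pidgin source: a 64-byte block holding
 * a 7-byte header followed by the password, which leaves 57 bytes and so
 * matches the "> 57 character" limit mentioned in the thread. */
#define BLOCK_SIZE 64
#define HEADER "HEADER:" /* hypothetical 7-byte prefix */
#define HEADER_LEN (sizeof(HEADER) - 1)
#define MAX_PASSWORD_LEN (BLOCK_SIZE - HEADER_LEN)

/* The flagged pattern: the source length is never compared with the space
 * left in the destination, so a 58-byte password writes past the block. */
void fill_block_unchecked(unsigned char *block, const char *password)
{
    memset(block, 0, BLOCK_SIZE);
    memcpy(block, HEADER, HEADER_LEN);
    memcpy(block + HEADER_LEN, password, strlen(password));
}

/* Bounded form: reject input that does not fit instead of copying it.
 * Returns 0 on success, -1 when the password is missing or too long. */
int fill_block_checked(unsigned char *block, const char *password)
{
    size_t len;

    if (block == NULL || password == NULL)
        return -1;
    len = strlen(password);
    if (len > MAX_PASSWORD_LEN)
        return -1; /* caller reports the error to the local user */
    memset(block, 0, BLOCK_SIZE);
    memcpy(block, HEADER, HEADER_LEN);
    memcpy(block + HEADER_LEN, password, len);
    return 0;
}

int main(void)
{
    unsigned char block[BLOCK_SIZE];
    char pw[59]; /* constructed sample input: 58 'a' characters */

    memset(pw, 'a', 58);
    pw[58] = '\0';
    printf("58 chars -> %d\n", fill_block_checked(block, pw));
    pw[57] = '\0'; /* shorten to 57 characters */
    printf("57 chars -> %d\n", fill_block_checked(block, pw));
    return 0;
}
```

Rejecting the over-long value at the point where the local user enters it (account form or password change) keeps the copy itself from ever seeing input it cannot hold.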