PGP key for vulnerability reports
Ethan Blanton
elb at pidgin.im
Wed Nov 13 21:56:10 EST 2013
Richard Johnson spake unto us the following wisdom:
> Please find some of the security bugs we found attached. I've included my
> public key exported to ASCII as well. Let me know if you have any trouble
> reproducing or understanding the bugs.
Quick summary to the list; we'll have to figure out how to distribute
these privately, or whether we just want me to send the unencrypted
disclosures to the list.
The four bugs are:
1. A bug in libgadu that has probably been fixed by Tomasz by this
point, although he'll have to verify that, and it might not yet be
included upstream (I have no idea).
2. A NULL dereference in Mxit; they say it's remotely exploitable if
you can "allocate enough memory that the kernel maps the lowest
page" (paraphrased), which is bogus on Unix, but maybe Windows
sucks like that. Either way it's a remote crasher. Can only be
initiated by the server, but that's no excuse.
3. Our Windows URL sanitizing is totally broken and they showed an
example of why.
4. SIP SIMPLE can be caused to NULL dereference. I think this is
probably a more general logic bug, but it's a remote crasher either
way. They make the same claims as #2.
Ethan