[Pidgin] #11110: Pidgin appears to leak DNS for Jabber accounts
Pidgin
trac at pidgin.im
Fri Jan 8 19:51:09 EST 2010
#11110: Pidgin appears to leak DNS for Jabber accounts
-------------------------------------+--------------------------------------
Reporter: ioerror | Owner: deryni
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.6.4 | Resolution:
Keywords: jabber security privacy |
-------------------------------------+--------------------------------------
Description changed by ioerror:
Old description:
> While sniffing my local network connection (wlan0) to debug a network
> failure, I found that when I start pidgin, it leaks DNS for two jabber
> accounts. Here's the text summary of a packet dump performed by
> Wireshark:
>
> 1 0.000000 192.168.1.35 89.150.129.4 DNS Standard
> query SRV _xmpp-client._tcp.jabber.ccc.de
> 2 0.033425 89.150.129.4 192.168.1.35 DNS Standard
> query response SRV 5 0 5222 jabberd.jabber.ccc.de
> 3 3.035413 192.168.1.35 89.150.129.4 DNS Standard
> query AAAA stun.l.google.com
> 4 3.066871 89.150.129.4 192.168.1.35 DNS Standard
> query response
> 5 3.066973 192.168.1.35 89.150.129.4 DNS Standard
> query AAAA stun.l.google.com
> 6 3.098772 89.150.129.4 192.168.1.35 DNS Standard
> query response
> 7 3.098836 192.168.1.35 89.150.129.4 DNS Standard
> query A stun.l.google.com
> 8 3.131653 89.150.129.4 192.168.1.35 DNS Standard
> query response A 209.85.229.126
> 9 6.186464 192.168.1.35 89.150.129.4 DNS Standard
> query SRV _stun._udp.jabber.ccc.de
> 10 6.231383 89.150.129.4 192.168.1.35 DNS Standard
> query response, No such name
>
> I use a different SOCKS5 proxy for each of my IM accounts; I have various
> protocols enabled and each of them appears to work perfectly
> (aim/yahoo/msn/jabber/etc). Each of my SOCKS5 proxies is a local proxy
> (ssh or other tunnels) listening on 127.0.0.1 on some specific port. I
> expect Pidgin to only speak to these proxies. I do not trust my local
> network not to forge DNS replies and I do not want people to know where I
> am connecting when I use a proxy (my proxies are encrypted tunnels).
>
> Specifically, I have two accounts configured as XMPP accounts; both of
> them are configured to talk to a specific SOCKS5 proxy on 127.0.0.1. Both
> google and the jabber.ccc.de server allow open registration and it should
> be trivial to reproduce this DNS leak.
>
> This is for Pidgin 2.6.4 (libpurple 2.6.4) -
> 3c54c32773c1f4469b35603025eb4516315aebf0
New description:
While sniffing my local network connection (wlan0) to debug a network
failure, I found that when I start pidgin, it leaks DNS for two jabber
accounts. Here's the text summary of a packet dump performed by Wireshark:

  1  0.000000 192.168.1.35 89.150.129.4 DNS Standard query SRV _xmpp-client._tcp.jabber.ccc.de
  2  0.033425 89.150.129.4 192.168.1.35 DNS Standard query response SRV 5 0 5222 jabberd.jabber.ccc.de
  3  3.035413 192.168.1.35 89.150.129.4 DNS Standard query AAAA stun.l.google.com
  4  3.066871 89.150.129.4 192.168.1.35 DNS Standard query response
  5  3.066973 192.168.1.35 89.150.129.4 DNS Standard query AAAA stun.l.google.com
  6  3.098772 89.150.129.4 192.168.1.35 DNS Standard query response
  7  3.098836 192.168.1.35 89.150.129.4 DNS Standard query A stun.l.google.com
  8  3.131653 89.150.129.4 192.168.1.35 DNS Standard query response A 209.85.229.126
  9  6.186464 192.168.1.35 89.150.129.4 DNS Standard query SRV _stun._udp.jabber.ccc.de
  10 6.231383 89.150.129.4 192.168.1.35 DNS Standard query response, No such name

I use a different SOCKS5 proxy for each of my IM accounts; I have various
protocols enabled and each of them appears to work perfectly
(aim/yahoo/msn/jabber/etc). Each of my SOCKS5 proxies is a local proxy
(ssh or other tunnels) listening on 127.0.0.1 on some specific port. I
expect Pidgin to only speak to these proxies. I do not trust my local
network not to forge DNS replies and I do not want people to know where I
am connecting when I use a proxy (my proxies are encrypted tunnels).

Specifically, I have two accounts configured as XMPP accounts; both of
them are configured to talk to a specific SOCKS5 proxy on 127.0.0.1. Both
google and the jabber.ccc.de server allow open registration and it should
be trivial to reproduce this DNS leak.

This is for Pidgin 2.6.4 (libpurple 2.6.4) -
3c54c32773c1f4469b35603025eb4516315aebf0
--
Ticket URL: <http://developer.pidgin.im/ticket/11110#comment:1>
Pidgin <http://pidgin.im>
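
An added example, not part of the ticket or of Pidgin's code: a small Python check that reads a Wireshark text summary like the one in the report and lists every DNS query sent to a non-loopback resolver, which is the traffic the reporter expects not to see when every account uses a SOCKS5 proxy on 127.0.0.1. The function names, the one-packet-per-line layout and packet 11 are assumptions made for the example.

```python
import ipaddress
import re

# Packet summary from the ticket (one packet per line), plus one constructed
# loopback query (packet 11) that must NOT be flagged.
CAPTURE = """\
1 0.000000 192.168.1.35 89.150.129.4 DNS Standard query SRV _xmpp-client._tcp.jabber.ccc.de
2 0.033425 89.150.129.4 192.168.1.35 DNS Standard query response SRV 5 0 5222 jabberd.jabber.ccc.de
3 3.035413 192.168.1.35 89.150.129.4 DNS Standard query AAAA stun.l.google.com
4 3.066871 89.150.129.4 192.168.1.35 DNS Standard query response
5 3.066973 192.168.1.35 89.150.129.4 DNS Standard query AAAA stun.l.google.com
6 3.098772 89.150.129.4 192.168.1.35 DNS Standard query response
7 3.098836 192.168.1.35 89.150.129.4 DNS Standard query A stun.l.google.com
8 3.131653 89.150.129.4 192.168.1.35 DNS Standard query response A 209.85.229.126
9 6.186464 192.168.1.35 89.150.129.4 DNS Standard query SRV _stun._udp.jabber.ccc.de
10 6.231383 89.150.129.4 192.168.1.35 DNS Standard query response, No such name
11 7.000000 127.0.0.1 127.0.0.1 DNS Standard query A example.org
"""

# Columns: no, time, src, dst, "DNS", "Standard query", record type, name.
# The negative lookahead skips responses, which also start "Standard query".
QUERY = re.compile(
    r"^(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+DNS\s+"
    r"Standard query (?!response)(\S+)\s+(\S+)\s*$"
)

def leaked_queries(capture):
    """Return (packet_no, resolver, qtype, name) for DNS queries sent off-host."""
    leaks = []
    for line in capture.splitlines():
        m = QUERY.match(line.strip())
        if not m:
            continue  # response or non-DNS line
        no, _time, _src, dst, qtype, name = m.groups()
        if ipaddress.ip_address(dst).is_loopback:
            continue  # query was addressed to this host, not sent to the network
        leaks.append((int(no), dst, qtype, name))
    return leaks

def leaked_names(capture):
    """Distinct hostnames exposed to the network resolver."""
    return sorted({name for _, _, _, name in leaked_queries(capture)})

if __name__ == "__main__":
    for no, dst, qtype, name in leaked_queries(CAPTURE):
        print(f"packet {no}: {qtype} {name} -> {dst}")
```

An empty result for a capture taken on the outbound interface while the client starts up is the pass condition; any row names a host that was resolved outside the proxy.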