[Pidgin] #14571: Win32 installer uses insecure GTK+ version

Pidgin trac at pidgin.im
Wed Sep 14 16:17:42 EDT 2011


#14571: Win32 installer uses insecure GTK+ version
--------------------+-------------------------------------------------------
 Reporter:  sdierl  |        Owner:  datallah       
     Type:  defect  |       Status:  new            
Milestone:  3.0.0   |    Component:  winpidgin (gtk)
  Version:  2.10.0  |   Resolution:                 
 Keywords:          |  
--------------------+-------------------------------------------------------

Old description:

> Secunia PSI complains about the GTK+ libraries downloaded by the Pidgin
> Win32 installer. This GTK+ version apparently has a DLL loading
> vulnerability, as described in [1] and [2].
>
> This can be fixed by using a recent GTK+ version.
>
> [1] http://secunia.com/advisories/45815/
>
> [2] http://jvn.jp/en/jp/JVN58019849/index.html

New description:

 Secunia PSI complains about the GTK+ libraries downloaded by the Pidgin
 Win32 installer. This GTK+ version apparently has a DLL loading
 vulnerability, as described in [1] and [2].

 This can be fixed by using a recent GTK+ version.

 [1] http://secunia.com/advisories/45815/
 [2] http://jvn.jp/en/jp/JVN58019849/index.html

--

Comment(by sdierl):

 The DLL search order is described by Microsoft in [1].

 As far as I can tell, the only critical case is a disabled
 SafeDllSearchMode, in which application directory and PWD are searched
 before the system directory.

 The application directory is not critical; however, the PWD might be.

 Shell links ("shortcuts") [2] can specify a PWD to use for an application.
 A possible attack scenario could be: Place a malicious Wintab32.dll and a
 shell link to Pidgin on a machine. The shell link specifies a PWD
 containing the malicious Wintab32.dll. If the user launches the shell
 link, Pidgin is started and loads the malicious library.

 Still, this requires user cooperation and is a bit theoretical.

 [1] http://msdn.microsoft.com/en-us/library/ms682586%28v=vs.85%29.aspx
 [2] http://msdn.microsoft.com/en-us/library/bb776891%28v=vs.85%29.aspx

-- 
Ticket URL: <http://developer.pidgin.im/ticket/14571#comment:5>
Pidgin <http://pidgin.im>
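
A small model of the search order that the comment cites from Microsoft's documentation, added here as an example and not part of the ticket or of Pidgin's code: it resolves a DLL name against constructed directories with SafeDllSearchMode on and off. The directory labels, helper names and file layout are assumptions for illustration, and the 16-bit system directory is omitted.

```python
import os
import tempfile

# Standard search order for desktop applications as documented by Microsoft
# (reference [1] in the comment); labels are hypothetical names for this model.
SAFE_ORDER = ["application", "system", "windows", "cwd", "path"]
UNSAFE_ORDER = ["application", "cwd", "system", "windows", "path"]


def resolve_dll(name, locations, safe_dll_search_mode=True):
    """Return (label, full_path) of the first directory that holds `name`.

    `locations` maps a label to one directory, or to a list of directories
    for "path". Returns None when no directory contains the file.
    """
    order = SAFE_ORDER if safe_dll_search_mode else UNSAFE_ORDER
    for label in order:
        dirs = locations.get(label, [])
        if isinstance(dirs, str):
            dirs = [dirs]
        for d in dirs:
            # Windows file names are case-insensitive, so compare folded names.
            for entry in os.listdir(d):
                if entry.lower() == name.lower():
                    return label, os.path.join(d, entry)
    return None


def build_demo(root, system_has_dll):
    """Create a constructed layout with empty placeholder files."""
    locations = {}
    for label in ("application", "system", "windows", "cwd"):
        locations[label] = os.path.join(root, label)
        os.mkdir(locations[label])
    open(os.path.join(locations["cwd"], "Wintab32.dll"), "w").close()
    if system_has_dll:
        open(os.path.join(locations["system"], "wintab32.dll"), "w").close()
    return locations


def demo():
    """Map (system copy present, safe mode) to the directory that wins."""
    results = {}
    for system_has_dll in (True, False):
        with tempfile.TemporaryDirectory() as root:
            loc = build_demo(root, system_has_dll)
            for safe in (True, False):
                results[(system_has_dll, safe)] = resolve_dll("Wintab32.dll", loc, safe)[0]
    return results
```

In this model the working directory also wins with safe mode on when no copy of the library exists in the application, system or Windows directories, because the working directory remains in the search order.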