<<< Date Index >>>     <<< Thread Index >>>

Pidgin 2.4.1 Vulnerability



Application: Pidgin 2.4.1 
OS: Linux - Ubuntu 8.04
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description

Pidgin is an instant messaging program with which you can use a number of 
protocols known as (MSN, ICQ, AIM).

While there is Pidgin 2.4.2 version which was not provided in this version so I 
could not say whether it was also vulnerable.

------------------------------------------------------
Vulnerability

The vulnerability works sending files with the protocol msn (I did not test at 
all protocols),
if a file is sent with a long name and special characters and this causes the 
program to break.

        
If we analyze the vulnerability with a debugger you can see a flaw in the 
following function


0xb62abaeb in msn_slplink_process_msg 


According with the characters used, the fault may vary in other functions.

------------------------------------------------------
POC/EXPLOIT

For proof of the concept you should create a file either (never mind the 
extension) with the maximum allowable characters, 
with the following characteristics.

ASCII = (&#8227; &#8228; &#8229; ? )

HEX = ( 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 
85 )

------------------------------------------------------
Juan Pablo Lopez Yacubian