Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100107165101.GK8609@ngolde.de>
Date: Thu, 7 Jan 2010 17:51:01 +0100
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request - pidgin MSN arbitrary file upload

Hi,
* Josh Bressers <bressers@...hat.com> [2010-01-07 16:19]:
> ----- "Paul Aurich" <paul@...krain42.org> wrote:
> > http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
> > 
> > In Fabian's talk, he describes an issue where Pidgin's MSN prpl does not
> > validate the filename received in a request for Pidgin to upload a custom
> > emoticon to a third-party, allowing an attacker to download arbitrary
> > files on the system via directory traversal.
> > 
> > This is fixed in source, but no release yet:
> > http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810
> 
> As this really needs an ID, please use CVE-2010-0013.

While everyone is talking about the file inclusion vulnerability which is 
really important, has anyone investigated the SLP memory corruption issue yet?
Page 24: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf

I had no time to investigate this yet myself but both issues should be fixed 
probably at once ;)

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.