oss-sec mailing list archives
Re: Re: CVE Request (pidgin)
From: Nico Golde <oss-security+ml () ngolde de>
Date: Thu, 3 Jul 2008 17:29:47 +0200
Hi Steven, * Steven M. Christey <coley () linus mitre org> [2008-07-01 23:40]:
Name: CVE-2008-2955 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2955 Reference: BUGTRAQ:20080626 Pidgin 2.4.1 Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/archive/1/493682/100/0/threaded Reference: FRSIRT:ADV-2008-1947 Reference: URL:http://www.frsirt.com/english/advisories/2008/1947 Reference: SECUNIA:30881 Reference: URL:http://secunia.com/advisories/30881 Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
Did anyone try if this can be done by some random user without authorization and if the victim needs to accept the file first to trigger this? Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- Re: CVE Request (pidgin) Steven M. Christey (Jul 01)
- Re: Re: CVE Request (pidgin) Nico Golde (Jul 03)
- Re: Re: CVE Request (pidgin) Josh Bressers (Jul 03)
- Re: Re: CVE Request (pidgin) Robert Buchholz (Jul 03)
- Re: Re: CVE Request (pidgin) Josh Bressers (Jul 03)
- Re: Re: CVE Request (pidgin) Josh Bressers (Jul 03)
- Re: Re: CVE Request (pidgin) Nico Golde (Jul 03)
- Re: Re: CVE Request (pidgin) Vincent Danen (Jul 03)
- Re: Re: CVE Request (pidgin) Nico Golde (Jul 05)
- Re: Re: CVE Request (pidgin) Vincent Danen (Jul 08)
- Re: Re: CVE Request (pidgin) Nico Golde (Jul 05)
- <Possible follow-ups>
- CVE Request (pidgin) Josh Bressers (Aug 05)
- Re: CVE Request (pidgin) Steven M. Christey (Aug 07)