Pidgin 特殊字符拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117288 漏洞类型 输入验证
发布时间 2009-01-26 更新时间 2010-01-18
CVE编号 CVE-2008-2955 CNNVD-ID CNNVD-200807-010
漏洞平台 Linux CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/32749
https://www.securityfocus.com/bid/33414
https://cxsecurity.com/issue/WLB-2008060072
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200807-010
|漏洞详情
Pidgin(前称Gaim)是一个跨平台的即时通信客户端,使用GNU通用公共许可证发布。这款软件支持多个现时常用的即时通信协议,让用户可以用同一个软件登录不同的即时通信服务。Pidgin存在特殊字符拒绝服务漏洞。远程攻击者构造一个包含特殊字符的文件名,使得MSN触发msn_slplink_process_msg函数错误。
|漏洞EXP
source: http://www.securityfocus.com/bid/33414/info

Pidgin is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

Successful exploits will cause the affected application to crash, effectively denying service to legitimate users.

Pidgin 2.4.1 is vulnerable; other versions may also be affected.

NOTE: This issue was previously thought to be a subset of the vulnerability documented in BID 29956 (Pidgin 'msn_slplink_process_msg()' Multiple Integer Overflow Vulnerabilities), but has been given its own record to properly document the vulnerability. 

Sending a filename that contains the maximum number of allowable characters and that includes the characters defined by the hex data below will crash the application.

'26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85'
|受影响的产品
Ubuntu Ubuntu Linux 9.10 sparc Ubuntu Ubuntu Linux 9.10 powerpc Ubuntu Ubuntu Linux 9.10 lpia Ubuntu Ubuntu Linux 9.10 i386 Ubuntu Ubuntu Linux 9.10 amd64 Ubuntu Ubuntu L
|参考资料

来源:BID
名称:29985
链接:http://www.securityfocus.com/bid/29985
来源:BUGTRAQ
名称:20080626Pidgin2.4.1Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/493682/100/0/threaded
来源:REDHAT
名称:RHSA-2008:1023
链接:http://www.redhat.com/support/errata/RHSA-2008-1023.html
来源:MANDRIVA
名称:MDVSA-2009:025
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:025
来源:VUPEN
名称:ADV-2008-1947
链接:http://www.frsirt.com/english/advisories/2008/1947
来源:support.avaya.com
链接:http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm
来源:SREASON
名称:3966
链接:http://securityreason.com/securityalert/3966
来源:SECUNIA
名称:33102
链接:http://secunia.com/advisories/33102
来源:SECUNIA
名称:30881
链接:http://secunia.com/advisories/30881