
Multiple vulnerabilities in pidgin

Date: 
09/13/2008
Severity: 
Low (Denial of Service)
Affected Systems: 

Known vulnerable: pidgin 2.0.0
Probably vulnerable: Gaim 2.0.0 beta versions
Known fixed: none

Summary: 

Pidgin contains a memory leak in its XML parser when parsing malformed XML. Untrusted XML documents are exchanged in the UPnP and Jabber protocols. Furthermore, the UPnP implementation does not limit the size of the HTTP download. Since the download can be triggered by a UDP packet containing an arbitrary URL, this allows an attacker to cause Pidgin to download a document of arbitrary size from any website.

Both vulnerabilities only occur under limited circumstances. Specifically, the UPnP vulnerability can only be exploited during a small time window in Pidgin's startup sequence. The XML memory leak requires the user to connect to a Jabber server that is either malicious itself or fails to check for malformed XML when forwarding.
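
As an added example (not code from Pidgin or from the attached patches), this is the kind of size-bounded fetch the UPnP code needs for the description document it downloads: the reader rejects an oversized Content-Length before reading the body and re-checks while streaming, since the header may be absent or wrong. MAX_DOC_SIZE, the in-memory source and the helper names are assumptions made for this demo.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#define MAX_DOC_SIZE 64UL /* assumed cap; tiny here so the demo trips it */
/* Declared Content-Length: -1 if the header is absent, -2 if malformed. */
long declared_length(const char *hdrs) {
    const char *p = hdrs;
    while ((p = strstr(p, "Content-Length:")) != NULL) {
        if (p == hdrs || p[-1] == '\n') {            /* only at line start */
            p += 15;
            while (*p == ' ' || *p == '\t') p++;
            if (*p < '0' || *p > '9') return -2;     /* rejects "-5" and "" */
            unsigned long v = strtoul(p, NULL, 10);  /* ULONG_MAX on overflow */
            return v > LONG_MAX ? -2 : (long)v;
        }
        p++;
    }
    return -1;
}
/* Minimal in-memory body source that hands out fixed-size chunks. */
struct src { const char *data; size_t len, pos, chunk; };
static size_t src_read(struct src *s, char *dst, size_t max) {
    size_t n = s->len - s->pos;
    if (n > s->chunk) n = s->chunk;
    if (n > max) n = max;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return n;
}
/* Read the body into out (cap+1 bytes). Rejects an oversized Content-Length
 * up front and re-checks while streaming, since the header may lie or be
 * missing. Returns bytes stored, or -1 if the cap is exceeded. */
long fetch_capped(const char *hdrs, struct src *s, char *out, size_t cap) {
    long decl = declared_length(hdrs);
    if (decl == -2 || decl > (long)cap) return -1;
    for (size_t total = 0;;) {
        size_t n = src_read(s, out + total, cap + 1 - total);
        if (n == 0) return (long)total;
        total += n;
        if (total > cap) return -1;              /* one byte over: stop now */
    }
}
/* Constructed demo: body_len bytes of 'A' (<= 256), served in 16-byte chunks. */
long demo(size_t body_len, const char *hdrs) {
    char body[256], out[MAX_DOC_SIZE + 1];
    memset(body, 'A', sizeof body);
    struct src s = { body, body_len, 0, 16 };
    return fetch_capped(hdrs, &s, out, MAX_DOC_SIZE);
}
```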

Impact: 
Attackers can use the first vulnerability to cause Pidgin to leak memory. As a result, vulnerable versions can be crashed by malicious Jabber servers. Furthermore, Jabber servers that forward malformed XML expose their clients to remote exploits by other users. The second vulnerability allows an attacker to cause Pidgin to download arbitrary documents from the web, resulting in potentially large memory allocations and bandwidth consumption.
Patches: 
Patches for both vulnerabilities are attached to the original advisory.
Attachment                               Size
pidgin-2.0.0-upnp-limit-download.diff    4.06 KB
pidgin-2.0.0-xmlnode-pool-leak.diff      2.67 KB