Date: Thu, 7 Jan 2010 17:51:01 +0100 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Subject: Re: CVE request - pidgin MSN arbitrary file upload Hi, * Josh Bressers <bressers@...hat.com> [2010-01-07 16:19]: > ----- "Paul Aurich" <paul@...krain42.org> wrote: > > http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html > > > > In Fabian's talk, he describes an issue where Pidgin's MSN prpl does not > > validate the filename received in a request for Pidgin to upload a custom > > emoticon to a third-party, allowing an attacker to download arbitrary > > files on the system via directory traversal. > > > > This is fixed in source, but no release yet: > > http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 > > As this really needs an ID, please use CVE-2010-0013. While everyone is talking about the file inclusion vulnerability which is really important, has anyone investigated the SLP memory corruption issue yet? Page 24: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf I had no time to investigate this yet myself but both issues should be fixed probably at once ;) Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted. Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.