Bug 372021 (CVE-2008-1227)

Summary: CVE-2008-1227 Logging into silc account crashes pidgin
Product: [Fedora] Fedora Reporter: Nathan G. Grennan <redhat-bugzilla>
Component: libsilcAssignee: Stu Tomlinson <stu>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 8CC: lkundrak, lvilla, stu, wtogami
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.0.2-5.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-28 21:35:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Backtrace with debuginfo none

Description Nathan G. Grennan 2007-11-09 01:51:23 UTC 
Description of problem:
pidgin crashes on login to a silc account. I tried setting it up fresh, and from
old setup. Both caused the crash.

Version-Release number of selected component (if applicable):
pidgin-2.2.2-1.fc8.x86_64

How reproducible:
Everytime

Steps to Reproduce:
1. Install pidgin
2. Run pidgin
3. Setup silc account
  
Actual results:
Crash

Expected results:
Runs normally

Additional info:
If run from a terminal window it mentions a buffer overflow.
Comment 1 luca villa 2007-11-26 21:40:18 UTC 
I can confirm this odd behavior that happens just with silc accounts.
A workaround for this problem is to downgrade to libsilc-1.0.2-2.fc6, the one
installed by default under fedora 7. 
This suggest to me that the problem could be in libsilc itself but I didn't
investigate deeper.
Comment 2 Stu Tomlinson 2008-01-04 03:04:16 UTC 
I think we'll need a backtrace with both pidgin-debuginfo and libsilc-debuginfo
installed to be able to get anywhere with this.
Comment 3 luca villa 2008-01-06 15:07:58 UTC 
Created attachment 290915 [details]
Backtrace with debuginfo
Comment 4 Stu Tomlinson 2008-01-06 18:13:35 UTC 
This appears to be a libsilc problem, could you please try this libsilc package
to see if the crash is fixed, and if you are now able to log in to silc?
http://koji.fedoraproject.org/scratch/nosnilmot/task_328484/
Comment 5 luca villa 2008-01-06 21:56:19 UTC 
This seems to solve the problem for me. Now I can log in to silc without
crashing pidgin anymore.
Comment 6 Fedora Update System 2008-01-26 15:42:54 UTC 
libsilc-1.0.2-5.fc7 has been submitted as an update for Fedora 7
Comment 7 Fedora Update System 2008-01-26 15:42:57 UTC 
libsilc-1.0.2-5.fc8 has been submitted as an update for Fedora 8
Comment 8 Fedora Update System 2008-01-27 07:14:10 UTC 
libsilc-1.0.2-5.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update libsilc'.  You can provide feedback for this update here: http://admin.fedoraproject.org/F8/FEDORA-2008-1041
Comment 9 Fedora Update System 2008-02-28 21:35:52 UTC 
libsilc-1.0.2-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2008-02-28 21:46:11 UTC 
libsilc-1.0.2-5.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Lubomir Kundrak 2008-03-11 21:01:54 UTC 
I'm not convinced the contents of the buffer are in attacker's control; did
anyone conduct some investigation?
Comment 12 Stu Tomlinson 2008-03-20 16:41:16 UTC 
(In reply to comment #11)
> I'm not convinced the contents of the buffer are in attacker's control; did
> anyone conduct some investigation?

I asked this of upstream and the reply was:
> I'm not sure but I think this wasn't so serious.  I never got it crash myself.