Bug 641921 (CVE-2010-3711) - CVE-2010-3711 Pidgin (libpurple): Multiple DoS (crash) flaws by processing of unsanitized Base64 decoder values
Summary: CVE-2010-3711 Pidgin (libpurple): Multiple DoS (crash) flaws by processing of...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-3711
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 644153 644155 644157 644158 645297 645410 645413 833967
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-10-11 14:38 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:39 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-11-16 20:22:45 UTC


Attachments (Terms of Use)
Revised patch for 2.6.6 (7.65 KB, patch)
2010-10-19 21:46 UTC, Matthew Barnes
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0788 normal SHIPPED_LIVE Moderate: pidgin security update 2010-10-21 16:52:02 UTC
Red Hat Product Errata RHSA-2010:0890 normal SHIPPED_LIVE Moderate: pidgin security update 2010-11-16 17:36:21 UTC

Description Jan Lieskovsky 2010-10-11 14:38:07 UTC
Pidgin did not sanitize output of Base64 decode operation prior its further 
processing. A remote attacker, valid Pidgin user, could use this flaw to cause:

a, NULL pointer dereference (pidgin daemon crash) by transfering of a
   specially-crafted buddy icon via the Yahoo protocol plugin

b, NULL pointer dereference (pidgin deamon crash) by providing a
   specially-crafted IP address value for peer-to-peer connection
   in the Yahoo protocol plugin

c, NULL pointer dereference (pidgin daemon crash) by providing a
   specially-crafted transfer header in the MSN protocol plugin

d, NULL pointer dereference (pidgin daemon crash) by providing a
   specially-crafted login challenge value in the MySpace protocol
   plugin

e, NULL pointer dereference (pidgin daemon crash) by providing a
   specially-crafted Digest-MD5 authentication challenge in the
   XMPP protocol plugin

   Note: This crash can happen only when Cyrus SASL is not available
         or does not provide Digest-MD5 support

f, NULL pointer dereference (pidgin daemon crash) by providing a
   specially-crafted Type 2 message by authentication via the NTLM
   protocol


Acknowledgements: 

Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Daniel Atallah as the original reporter.

Comment 5 Jan Lieskovsky 2010-10-11 15:18:34 UTC
These issues affect the versions of the pidgin package, as shipped
with Red Hat Enterprise Linux 3, 4, and 5.

--

These issues affect the versions of the pidgin package, as shipped
with Fedora release of 12 and 13.

Comment 7 Jan Lieskovsky 2010-10-11 15:33:01 UTC
CVE identifier of CVE-2010-3711 has been assigned to these issues.

Comment 20 Huzaifa S. Sidhpurwala 2010-10-21 07:09:29 UTC
Public via:
[1] http://pidgin.im/news/security/?id=48

Upstream changeset:
[2] http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc

Comment 21 Huzaifa S. Sidhpurwala 2010-10-21 09:23:37 UTC
Created pidgin tracking bugs for this issue

Affects: fedora-all [bug 645297]

Comment 23 errata-xmlrpc 2010-10-21 16:52:14 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0788 https://rhn.redhat.com/errata/RHSA-2010-0788.html

Comment 24 Matthew Barnes 2010-10-21 17:25:17 UTC
Am I correct that only f12 and f13 need patched, and f14 and f15 will be fixed by rebasing to Pidgin 2.7.4?

Comment 25 errata-xmlrpc 2010-11-16 17:36:34 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0890 https://rhn.redhat.com/errata/RHSA-2010-0890.html


Note You need to log in before you can comment on or make changes to this bug.