Bug 641921 - (CVE-2010-3711) CVE-2010-3711 Pidgin (libpurple): Multiple DoS (crash) flaws by processing of unsanitized Base64 decoder values
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
public=20101020,reported=20101010,sou...
Keywords: Security
Depends On: 644153 644155 644157 644158 645297 645410 645413 833967
Reported: 2010-10-11 10:38 EDT by Jan Lieskovsky
Modified: 2012-06-20 10:33 EDT
Doc Type: Bug Fix
Last Closed: 2010-11-16 15:22:45 EST

Attachments:
Revised patch for 2.6.6 (7.65 KB, patch)
2010-10-19 17:46 EDT, Matthew Barnes

Description Jan Lieskovsky 2010-10-11 10:38:07 EDT
Pidgin did not sanitize output of Base64 decode operation prior to its further 
processing. A remote attacker, valid Pidgin user, could use this flaw to cause:

a, NULL pointer dereference (pidgin daemon crash) by transferring a
   specially-crafted buddy icon via the Yahoo protocol plugin

b, NULL pointer dereference (pidgin daemon crash) by providing a
   specially-crafted IP address value for peer-to-peer connection
   in the Yahoo protocol plugin

c, NULL pointer dereference (pidgin daemon crash) by providing a
   specially-crafted transfer header in the MSN protocol plugin

d, NULL pointer dereference (pidgin daemon crash) by providing a
   specially-crafted login challenge value in the MySpace protocol
   plugin

e, NULL pointer dereference (pidgin daemon crash) by providing a
   specially-crafted Digest-MD5 authentication challenge in the
   XMPP protocol plugin

   Note: This crash can happen only when Cyrus SASL is not available
         or does not provide Digest-MD5 support

f, NULL pointer dereference (pidgin daemon crash) by providing a
   specially-crafted Type 2 message by authentication via the NTLM
   protocol


Acknowledgements: 

Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Daniel Atallah as the original reporter.
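
The description above traces all six crashes to using the Base64 decoder's result without checking it. As an added example (not code from Pidgin or from the upstream patch), this C code shows the defensive pattern for case f: a hypothetical decoder `b64_decode` returns NULL on empty or malformed input, and a hypothetical `ntlm_type2_challenge` checks for NULL and for the 32-byte minimum before reading the challenge at offset 24. The sample message is constructed.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed sample: Base64 of a 32-byte Type 2 message, challenge "ABCDEFGH". */
const char SAMPLE_TYPE2[] = "TlRMTVNTUAAC" "AAAAAAAAAA" "AAAAAAAAAA" "QUJDREVGR0g=";

/* Map one Base64 alphabet character to its 6-bit value, -1 if invalid. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Hypothetical decoder (not libpurple's): returns a malloc'd buffer, or NULL
 * with *out_len == 0 when the input is empty or malformed. */
unsigned char *b64_decode(const char *in, size_t *out_len) {
    size_t n = in ? strlen(in) : 0, o = 0;
    *out_len = 0;
    if (n == 0 || n % 4 != 0) return NULL;
    unsigned char *out = malloc(n / 4 * 3);
    if (!out) return NULL;
    for (size_t i = 0; i < n; i += 4) {
        int v[4], pad = 0;
        for (int j = 0; j < 4; j++) {
            if (in[i + j] == '=' && i + 4 == n && j >= 2) { v[j] = 0; pad++; }
            else if (pad || (v[j] = b64_val((unsigned char)in[i + j])) < 0) {
                free(out); return NULL;   /* bad character or data after '=' */
            }
        }
        int w = (v[0] << 18) | (v[1] << 12) | (v[2] << 6) | v[3];
        out[o++] = (unsigned char)(w >> 16);
        if (pad < 2) out[o++] = (unsigned char)(w >> 8);
        if (pad < 1) out[o++] = (unsigned char)w;
    }
    *out_len = o;
    return out;
}

/* Copy the 8-byte challenge out of a Base64 NTLM Type 2 message. Checks for
 * NULL and for length before touching any field; returns 0 or -1. */
int ntlm_type2_challenge(const char *b64, unsigned char challenge[8]) {
    size_t len;
    unsigned char *msg = b64_decode(b64, &len);
    int rc = -1;
    if (msg && len >= 32 && memcmp(msg, "NTLMSSP\0\x02\0\0\0", 12) == 0) {
        memcpy(challenge, msg + 24, 8);
        rc = 0;
    }
    free(msg);
    return rc;
}
```

Without the `msg &&` and `len >= 32` checks, an empty or malformed value would reach `memcmp` and `memcpy` as a NULL or undersized buffer, which is the crash class the report describes.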
Comment 5 Jan Lieskovsky 2010-10-11 11:18:34 EDT
These issues affect the versions of the pidgin package, as shipped
with Red Hat Enterprise Linux 3, 4, and 5.

--

These issues affect the versions of the pidgin package, as shipped
with Fedora releases 12 and 13.
Comment 7 Jan Lieskovsky 2010-10-11 11:33:01 EDT
CVE identifier of CVE-2010-3711 has been assigned to these issues.
Comment 20 Huzaifa S. Sidhpurwala 2010-10-21 03:09:29 EDT
Public via:
[1] http://pidgin.im/news/security/?id=48

Upstream changeset:
[2] http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc
Comment 21 Huzaifa S. Sidhpurwala 2010-10-21 05:23:37 EDT
Created pidgin tracking bugs for this issue

Affects: fedora-all [bug 645297]
Comment 23 errata-xmlrpc 2010-10-21 12:52:14 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0788 https://rhn.redhat.com/errata/RHSA-2010-0788.html
Comment 24 Matthew Barnes 2010-10-21 13:25:17 EDT
Am I correct that only f12 and f13 need patched, and f14 and f15 will be fixed by rebasing to Pidgin 2.7.4?
Comment 25 errata-xmlrpc 2010-11-16 12:36:34 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0890 https://rhn.redhat.com/errata/RHSA-2010-0890.html
