Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Vulnerability in Pidgin, patch!

Published: 2009-08-20
Last Updated: 2009-08-20 13:12:37 UTC
by Joel Esler (Version: 1)
0 comment(s)

Time for your daily patch.

CORE security technologies published a vulnerability in libpurple.  Libpurple is the backend frame work to many Instant Messenger clients.

Pidgin, Finch, Adium, Meebo, and Gaim among others.  Although CORE only specifically mentions GAIM, Libpurple, Pidgin, and Adium specifically, the other libpurple based ones may be vulnerable as well.

Versions of Libpurple <= 2.5.8 (Pidgin <=2.5.8 and Adium <=1.3.5) are vulnerable.  The vulnerability is an exploit in the function msn_slplink_process_msg() which handles instant messages from the MSN network. 

All it takes to exploit this vulnerability is to receive a message from another MSN user.  They do not have to be on your buddy list.  Unless your buddy list states that you only allow specific users to contact you, it's the only mitigation step.  (Other than patching or logging off of the MSN network.)

Solution:

Upgrade to a version of your respective IM client that is based off of pidgin.  Non vulnerable versions of Libpurple are >=2.5.9.

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Keywords:
0 comment(s)
Diary Archives