
[SA10973] Trillian Protocol Handling Buffer Overflow Vulnerabilities

From Secunia, for About.com

TITLE:
Trillian Protocol Handling Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA10973

VERIFY ADVISORY:
http://secunia.com/advisories/10973/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Trillian Pro 2.x
Trillian 0.x
Trillian Pro 1.x

DESCRIPTION:
Stefan Esser has discovered two vulnerabilities in Trillian, which can be exploited by malicious people to compromise a user's system.

An integer overflow exists in the handling of the AIM/Oscar Protocol when allocating memory for DirectIM packets. This can be exploited to corrupt the heap by sending a specially crafted DirectIM packet to a user's system.

A boundary error when parsing Yahoo packets can result in a buffer overflow. This can be exploited by sending a specially crafted YMSG packet with an overly long key name to a vulnerable system. Exploitation of this issue requires the ability to conduct a man-in-the-middle (MitM) attack.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code on a vulnerable system with the user's privileges.
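
The class of bug behind the DirectIM issue, an allocation size computed from a length field before that field is validated, is shown here as an added illustration; it is not Trillian's code and not taken from the advisory. The "+ 1" terminator byte, the 64 KB limit, and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy limit for one message body; not a value from the advisory. */
#define MAX_BODY_LEN (64u * 1024u)

/* Unsafe pattern: 32-bit arithmetic on a length taken from the wire can wrap,
 * so the allocation ends up smaller than the length used for the later copy. */
static uint32_t unchecked_alloc_size(uint32_t declared_len)
{
    return declared_len + 1u;               /* 0xFFFFFFFF + 1 wraps to 0 */
}

/* Hardened: bound the declared length by policy and by the bytes actually
 * received before any arithmetic. Returns 0 on success, -1 on rejection. */
static int checked_alloc_size(uint32_t declared_len, size_t received, size_t *out)
{
    if (declared_len > MAX_BODY_LEN || declared_len > received)
        return -1;
    *out = (size_t)declared_len + 1u;       /* cannot wrap: declared_len <= 65536 */
    return 0;
}

/* Copy the body into a fresh NUL-terminated buffer, or return NULL. */
static char *read_body(const uint8_t *payload, size_t received, uint32_t declared_len)
{
    size_t n;
    if (checked_alloc_size(declared_len, received, &n) != 0)
        return NULL;
    char *buf = malloc(n);
    if (buf == NULL)
        return NULL;
    memcpy(buf, payload, declared_len);
    buf[declared_len] = '\0';
    return buf;
}

int main(void)
{
    const uint8_t sample[] = "hello world";   /* constructed sample payload */
    char *ok = read_body(sample, sizeof sample - 1, 5);
    printf("unchecked size for 0xFFFFFFFF: %u\n", (unsigned)unchecked_alloc_size(0xFFFFFFFFu));
    printf("valid length 5 -> %s\n", ok ? ok : "(rejected)");
    printf("oversized length -> %s\n", read_body(sample, sizeof sample - 1, 0xFFFFFFFFu) ? "accepted" : "rejected");
    free(ok);
    return 0;
}
```

The same rule covers the YMSG key-name issue: compare the length of the incoming field with the destination buffer size before copying.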

The vulnerabilities have been reported in the following versions:

  • Trillian 0.71 through 0.74F
  • Trillian Pro 1.0
  • Trillian Pro 2.0
  • Trillian Pro 2.01

SOLUTION:
Update to Trillian 0.74G, Trillian Pro 2.011, or apply patches.
http://www.trillian.cc/downloads/

PROVIDED AND/OR DISCOVERED BY:
Stefan Esser

ORIGINAL ADVISORY:
http://security.e-matters.de/advisories/022004.html

For further details and links, see the actual Secunia Advisory: http://secunia.com/advisories/10973/


©2009 About.com, a part of The New York Times Company.

All rights reserved.