[CVE-2007-4999] pidgin HTML Processing Denial of Service

Bug #158400 reported by Matti Lindell on 2007-10-29
294
Affects Status Importance Assigned to Milestone
pidgin (Ubuntu)
Undecided
Stephan Ruegamer
Gutsy
Undecided
Kees Cook

Bug Description

Binary package hint: pidgin

from http://secunia.com/advisories/27372/
---

Description:
A weakness has been reported in Pidgin, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to a NULL-pointer dereference error when processing messages with invalid HTML code and can be exploited to cause libpurple to crash. Successful exploitation may require that HTML logging is used.

Solution:
Update to version 2.2.2.

CVE References

Sebastien Bacher (seb128) wrote :

Thank you for your bug. The patch is easy enough and doesn't justify a version update

ubuntu_demon (ubuntu-demon) wrote :
Changed in pidgin:
status: New → Confirmed
Stephan Ruegamer (sadig) on 2007-11-26
Changed in pidgin:
assignee: nobody → shermann
status: Confirmed → In Progress
ubuntu_demon (ubuntu-demon) wrote :

the fix can probably be found somewhere in here : http://developer.pidgin.im/viewmtn/branch/changes/im.pidgin.pidgin.2.2.2

Stephan Ruegamer (sadig) wrote :
Matti Lindell (mlind) wrote :

Bug #160670 is also a duplicate according to CVE entry it links to, but it's private and I cannot its status.

Kees Cook (kees) wrote :

Thanks for the debdiff, I'll get this uploaded and published shortly. (Looks like Hardy has 2.2.2 already, so I'll mark that as fix-released)

Changed in pidgin:
status: In Progress → Fix Released
assignee: nobody → keescook
status: New → Fix Committed
Stephan Ruegamer (sadig) wrote :

pidgin (1:2.2.1-1ubuntu4.1) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #158400)
    + CVE-2007-4999: libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML
      logging, allows remote attackers to cause a denial of service (NULL
      dereference and application crash) via a message that contains invalid HTML
      data, a different vector than CVE-2007-4996.
  * debian/patches/99_CVE-2007-4999.patch:
    - Applied patch by upstream
    - Link: http://developer.pidgin.im/viewmtn/revision/diff/0810c68ce97a8213a5edbf5ffe7c1418915d3dfe/with/aff089bc73ecc6fe8ebbeac670db8be13511fcf4
  * References:
    CVE-2007-4999
    http://developer.pidgin.im/ticket/3436

 -- Stephan Hermann <email address hidden> Mon, 26 Nov 2007 16:32:57 +0100

Changed in pidgin:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.