
U-062: Pidgin SILC (Secure Internet Live Conferencing) Protocol Denial of Service Vulnerability

December 15, 2011 - 8:00am


PROBLEM:

Pidgin SILC (Secure Internet Live Conferencing) Protocol Denial of Service Vulnerability.

PLATFORM:

Versions Prior to Pidgin 2.10.1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux Optional Productivity Application 5 server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop version 4
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4

ABSTRACT:

An attacker can exploit these issues by constructing and submitting a specially crafted SILC message. Successful exploits will cause the affected application to crash.

REFERENCE LINKS:

Pidgin Security Advisory
Red Hat Bugzilla Bug 766446
Red Hat Advisory: RHSA-2011:1820-1
CVE-2011-4603

IMPACT ASSESSMENT:

Medium

Discussion:

Pidgin is prone to a denial-of-service vulnerability. When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash, effectively denying service to legitimate users. Due to the nature of this issue, remote code execution may be possible; this has not been confirmed.
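The root cause described above is a missing encoding check on text that arrives from the network. The following is an added illustration, not code from Pidgin or the SILC plugin: a strict RFC 3629 UTF-8 validator written in C and run over constructed sample byte strings, showing the classes of malformed input (overlong encodings, truncated sequences, stray continuation bytes, UTF-16 surrogate code points, code points above U+10FFFF) that a receiver should reject before the bytes reach any code that assumes well-formed UTF-8. In GLib-based code the equivalent library routine is g_utf8_validate(); the hand-written version here just makes the individual rules visible.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Strict UTF-8 validation per RFC 3629. Returns true only if every byte of
 * buf[0..len) belongs to a well-formed sequence. Rejects:
 *   - lead bytes 0x80..0xBF (stray continuation) and 0xF8..0xFF
 *   - sequences cut off by the end of the buffer
 *   - continuation bytes outside 0x80..0xBF
 *   - overlong encodings (e.g. C0 80 for U+0000)
 *   - surrogates U+D800..U+DFFF and anything above U+10FFFF */
bool utf8_is_valid(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t b = buf[i];
        size_t need;   /* continuation bytes expected after the lead byte */
        uint32_t cp;   /* code point being assembled */
        uint32_t min;  /* smallest code point this length may encode */

        if (b < 0x80) { i++; continue; }                               /* ASCII */
        else if ((b & 0xE0) == 0xC0) { need = 1; cp = b & 0x1F; min = 0x80; }
        else if ((b & 0xF0) == 0xE0) { need = 2; cp = b & 0x0F; min = 0x800; }
        else if ((b & 0xF8) == 0xF0) { need = 3; cp = b & 0x07; min = 0x10000; }
        else return false;                                             /* bad lead byte */

        if (len - i - 1 < need) return false;                          /* truncated */
        for (size_t k = 1; k <= need; k++) {
            uint8_t c = buf[i + k];
            if ((c & 0xC0) != 0x80) return false;                      /* not a continuation */
            cp = (cp << 6) | (c & 0x3F);
        }
        if (cp < min) return false;                                    /* overlong */
        if (cp >= 0xD800 && cp <= 0xDFFF) return false;                /* surrogate */
        if (cp > 0x10FFFF) return false;                               /* out of range */
        i += need + 1;
    }
    return true;
}

/* Receiver-side gate (hypothetical name): returns 0 when the text may be
 * handed on to display/parsing code, -1 when the message must be dropped.
 * Failing closed here is the mitigation for the class of bug described. */
int accept_incoming_text(const uint8_t *text, size_t len)
{
    return utf8_is_valid(text, len) ? 0 : -1;
}

/* Constructed samples; none of these are captured protocol data. */
struct sample { const char *label; const uint8_t *bytes; size_t len; };

static const uint8_t s_ascii[]     = { 'h','e','l','l','o' };
static const uint8_t s_latin[]     = { 'h',0xC3,0xA9,'l','l','o' };        /* "héllo" */
static const uint8_t s_emoji[]     = { 0xF0,0x9F,0x98,0x80 };              /* U+1F600 */
static const uint8_t s_overlong[]  = { 0xC0,0x80 };                        /* overlong NUL */
static const uint8_t s_truncated[] = { 0xE2,0x82 };                        /* 3-byte seq cut short */
static const uint8_t s_stray[]     = { 0x80 };                             /* lone continuation */
static const uint8_t s_surrogate[] = { 0xED,0xA0,0x80 };                   /* U+D800 */
static const uint8_t s_toobig[]    = { 0xF4,0x90,0x80,0x80 };              /* U+110000 */

int main(void)
{
    const struct sample samples[] = {
        { "ascii",     s_ascii,     sizeof s_ascii },
        { "latin",     s_latin,     sizeof s_latin },
        { "emoji",     s_emoji,     sizeof s_emoji },
        { "overlong",  s_overlong,  sizeof s_overlong },
        { "truncated", s_truncated, sizeof s_truncated },
        { "stray",     s_stray,     sizeof s_stray },
        { "surrogate", s_surrogate, sizeof s_surrogate },
        { "toobig",    s_toobig,    sizeof s_toobig },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = accept_incoming_text(samples[i].bytes, samples[i].len);
        printf("%-10s -> %s\n", samples[i].label, rc == 0 ? "accept" : "reject");
    }
    return 0;
}
```

The first three samples are accepted and the remaining five are rejected. The point for a protocol plugin is that the check runs at the network boundary, once, before the bytes are passed to string routines or UI code that assume valid UTF-8; a message that fails the check is discarded rather than partially processed.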

Impact:

An attacker can exploit these issues by constructing and submitting a specially crafted SILC message. Successful exploits will cause the affected application to crash.

Solution:

Updates are available. Download Pidgin 2.10.1.
