Vulnerability Update [VU#825121]
daniel.atallah at gmail.com
Wed Feb 28 17:37:47 EST 2007
On 2/28/07, Luke Schierer <lschiere at pidgin.im> wrote:
> - --- Begin report - Not for public distribution ----------
> There is a function whose prototype is :
> void gaim_debug(GaimDebugLevel level, const char *category, const
> char *format, ...);
> declared in my /usr/include/gaim/debug.h header.
> Now, if you look at the source file in <somepath>/gaim-1.5.0/
> you'll find this function missused in 3 places :
> line 204: gaim_debug(level, category, string);
> line 220:Â gaim_debug(GAIM_DEBUG_MISC, category, string);
> line 237:Â gaim_debug(GAIM_DEBUG_INFO, category, string);
> In those 3 places, the "string" variable can allow an attacker to
> inject its own format string, and therefore,
> read or write anywhere in the process's memory, potentially allowing
> arbitrary execution.
> - --- End Report - Not for public distribution -----------
Has anyone actually verified that this is actually exploitable remotely?
These are just in the Perl bindings - a malicious perl plugin could
certainly do bad things with them, but the ability of a plugin to do
bad things is hardly a vulnerability.
More information about the Cabal