Colloquy INVITE Request Format String

2007-01-16T02:18:49
ID OSVDB:32688
Type osvdb
Reporter LMH(lmh@info-pull.com), Kevin Finisterre(kf@digitalmunition.com)
Modified 2007-01-16T02:18:49

Description

Vulnerability Description

A remote format string flaw exists in Colloquy. It fails to validate INVITE requests resulting in a format string vulnerability. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Technical Description

Although this flaw is exploitable, %n support is currently broken in CoreFoundation, making exploitation more difficult.

Solution Description

Upgrade to version 2.1 (2007-01-17) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the 2007-01-17 release without a change in version number. An upgrade is required as there are no known workarounds.

Short Description

A remote format string flaw exists in Colloquy. It fails to validate INVITE requests resulting in a format string vulnerability. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://colloquy.info/ Vendor Specific News/Changelog Entry: http://colloquy.info/project/changeset/3558 Secunia Advisory ID:23801 Other Advisory URL: http://projects.info-pull.com/moab/MOAB-16-01-2007.html Generic Exploit URL: http://www.milw0rm.com/exploits/3139 FrSIRT Advisory: ADV-2007-0238 CVE-2007-0344 Bugtraq ID: 22086