Trillian Yahoo Parser Packet Key Name Overflow

2004-02-24T00:00:00
ID OSVDB:4060
Type osvdb
Reporter OSVDB
Modified 2004-02-24T00:00:00

Description

Vulnerability Description

A remote overflow exists in Cerulean Studios' Trillian and Trillian Pro. The Yahoo Messenger packet parser fails to properly handle oversized packet key names, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of confidentiality, integrity, and availability.

Technical Description

The most recent advisory updates indicate that this vulnerability is no longer exploitable through Yahoo! servers due to suspected changes; however, a man-in-the-middle attack utilizing this attack vector is feasible. Updating the Trillian product is the only way to completely prevent exploitation of this issue.

This vulnerability was discovered while testing exploit code for similar, previously located GAIM vulnerabilities. It was determined that the same portion of the code is vulnerable to the same problems found in the GAIM source code. Although proof-of-concept code has not been released, it is believed to exist privately.

Solution Description

Upgrade to Trillian version 0.74G or Trillian Pro version 2.011 or higher, as it has been reported to fix this vulnerability. Patches are also available. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.trillian.cc
Secunia Advisory ID: 10973
Related OSVDB ID: 4056
Other Advisory URL: http://security.e-matters.de/advisories/022004.html
Other Advisory URL: http://security.e-matters.de/advisories/012004.html
Nessus Plugin ID: 12076
Keyword: trillian, overflow, yim, yahoo, instant messenger, packet parser, gaim
ISS X-Force ID: 15304
CVE-2004-2370