Cerulean Studios Trillian Multiple IRC Vulnerabilities

Started by Corrine, May 02, 2007, 01:25:17 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Corrine

I use Trillian for the convenience of an all-in-one chat program.  Knowing that, ETR alerted me to the IDefense Labs PUBLIC ADVISORY 04.30.07, copied in part below.
QuoteRemote exploitation of multiple vulnerabilities in the Internet Relay Chat (IRC) module of Cerulean Studios' Trillian could allow for the interception of private conversations or execution of code as the currently logged on user.

When handling long CTCP PING messages containing UTF-8 characters, it is possible to cause the Trillian IRC client to return a malformed response to the server. This malformed response is truncated and is missing the terminating newline character. This could allow the next line sent to the server to be improperly sent to an attacker.

When a user highlights a URL in an IRC message window Trillian copies the data to an internal buffer. If the URL contains a long string of UTF-8 characters, it is possible to overflow a heap based buffer corrupting memory in a way that could allow for code execution.

A heap overflow can be triggered remotely when the Trillian IRC module receives a message that contains a font face HTML tag with the face attribute set to a long UTF-8 string.
Upgrade ASAP to version 3.1.5.0 of Trillian which addresses these vulnerabilities.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Whew!  It took me a while to get the latest version.  The link at Download.com resulted in two corrupt files downloaded.  In trying to locate a safe download site, I selected BetaNews.  The problem was that they were serving up 3.1 from the Cerulean cache.  I got smart and changed the file name and was able to get the correct version from http://cerulean.cachenetworks.com/trillian-v3.1.5.1.exe

Note:  Watch the install.  Since 3.1, they have added an optional weather add-on as well as the Ask.com toolbar.  I opted out of both, thank you very much. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.