Cerulean Studios Trillian Multiple Remote HTTP Response Buffer Overflow Vulnerabilities
BID:12890
Info
| Bugtraq ID: | 12890 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2005-0874, CVE-2005-0875 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Ralph Massaro <[email protected]> discovered these vulnerabilities. |
| Vulnerable: | Cerulean Studios Trillian Pro 3.1, Cerulean Studios Trillian Pro 3.0, Cerulean Studios Trillian Pro 2.1, Cerulean Studios Trillian Pro 2.0, Cerulean Studios Trillian Pro 1.0, Cerulean Studios Trillian Pro 2.01, Cerulean Studios Trillian 3.1, Cerulean Studios Trillian 3.0, Cerulean Studios Trillian 2.1, Cerulean Studios Trillian 2.0, Cerulean Studios Trillian 1.0, Cerulean Studios Trillian 0.6351, Cerulean Studios Trillian 0.725, Cerulean Studios Trillian 0.74 i, Cerulean Studios Trillian 0.74, Cerulean Studios Trillian 0.73, Cerulean Studios Trillian 0.71 |
| Not Vulnerable: | |
Discussion
It is reported that Trillian is susceptible to multiple remote HTTP response buffer overflow vulnerabilities. These issues are due to a failure of the application to properly bounds-check user-supplied data prior to copying it into fixed-size memory buffers.
It is reported that multiple Trillian modules likely share the same code for making HTTP requests, and therefore multiple modules are vulnerable to the same attack.
Remote attackers may exploit these vulnerabilities to execute arbitrary machine code in the context of vulnerable Trillian clients.
Several of these vulnerabilities are reportedly fixed in version 3.0 of Trillian. Versions 3.0 and 3.1 remain affected by multiple issues in the Yahoo! component. Versions 2.0 up to, but not including, 3.0 are reported to be affected in multiple components.
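The kind of bounds check the discussion says was missing, shown as an added example and not Trillian's code (the advisory publishes none): a hypothetical shared helper, `copy_header_value`, measures an HTTP response header value before copying it into a fixed-size buffer and rejects oversize input instead of truncating it. The function name, status codes and sample response are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum hdr_status { HDR_OK, HDR_NOT_FOUND, HDR_TOO_LONG, HDR_MALFORMED };

/* Case-insensitive match of "name:" at the start of a header line. */
static int name_matches(const char *line, const char *name, size_t nlen)
{
    for (size_t i = 0; i < nlen; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return line[nlen] == ':';
}

/* Hypothetical shared helper (not Trillian code): copy the value of header
 * `name` from a NUL-terminated response head into dst[dstsz]. The length is
 * checked before any byte is copied; oversize values are rejected outright. */
enum hdr_status copy_header_value(const char *resp, const char *name,
                                  char *dst, size_t dstsz)
{
    size_t nlen = strlen(name);
    if (dstsz == 0) return HDR_TOO_LONG;
    dst[0] = '\0';
    for (const char *line = resp; *line != '\0'; ) {
        const char *eol = strstr(line, "\r\n");
        if (eol == NULL) return HDR_MALFORMED;   /* unterminated line */
        if (eol == line) break;                  /* blank line ends headers */
        if ((size_t)(eol - line) > nlen && name_matches(line, name, nlen)) {
            const char *val = line + nlen + 1;
            while (val < eol && (*val == ' ' || *val == '\t')) val++;
            size_t vlen = (size_t)(eol - val);
            if (vlen >= dstsz) return HDR_TOO_LONG;  /* bounds check */
            memcpy(dst, val, vlen);
            dst[vlen] = '\0';
            return HDR_OK;
        }
        line = eol + 2;
    }
    return HDR_NOT_FOUND;
}

int main(void)
{
    /* Constructed sample: the Location value exceeds the 16-byte buffer. */
    char buf[16];
    const char *resp = "HTTP/1.1 200 OK\r\nLocation: /aaaaaaaaaaaaaaaaaaaaaaaa\r\n\r\n";
    printf("status=%d\n", copy_header_value(resp, "Location", buf, sizeof buf));
    return 0;
}
```

Because every module calls the same helper, the check is enforced once for all callers, which is the flip side of the shared-code exposure the discussion describes.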
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
- Trillian Homepage (Cerulean Studios)