Note: This is an archival copy of Security Sun Alert 277450 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1022203.1.
Article ID : 1022203.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-05-20
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

A Security Vulnerability in Solaris Pidgin (see pidgin(1)) May Allow Remote Unprivileged Users to Access Arbitrary Files

Category
Security

Release Phase
Resolved

Bug Id
6913836

Product
OpenSolaris

Date of Resolved Release
19-Feb-2010

A Security Vulnerability in Solaris Pidgin (see pidgin(1)) May Allow Remote Unprivileged Users to Access Arbitrary Files

1. Impact

A vulnerability in the MSN protocol handler of libpurple(3), the shared library that adds support for various instant messaging networks to the pidgin(1) Instant Messaging client (previously known as Gaim), may allow remote unprivileged users to retrieve arbitrary files (readable by the targeted user) on the target's computer via a custom "smiley" request.

Additional information on this issue can be found in the following document:


2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
  • OpenSolaris based upon builds snv_99 through snv_131
x86 Platform
  • OpenSolaris based upon builds snv_99 through snv_131
Notes:

1. Solaris 8 and Solaris 9 do not ship Pidgin and therefore are not affected by this issue. Versions of Pidgin shipped with Solaris 10 and versions of Gaim shipped with Solaris 10 and OpenSolaris are not affected by this issue.

2. This issue affects only those systems which have the Pidgin IM client of a version later than 2.5.0 and prior to 2.6.5 installed.

To determine if Pidgin is installed on the system and to check the version of Pidgin installed, the following command may be run:
$ /usr/bin/pidgin -v || echo "Pidgin IM client not installed"
To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
snv_86

3. Symptoms

There are no predictable symptoms that would indicate this issue has been exploited to access arbitrary files.

4. Workaround

To mitigate the impact of the described issue, remove the .purple/custom_smiley from user's home directory if it exists. This directory is not created by default, but is only created when custom "smileys" are first defined. This can be done by running the following command:
$ rm -r $HOME/.purple/custom_smiley/

5. Resolution

This issue is addressed in the following releases:

SPARC Platform
  • OpenSolaris based upon builds snv_132 or later
x86 Platform
  • OpenSolaris based upon builds snv_132 or later
For more information on Security Sun Alerts, see 1009886.1.










Attachments
This solution has no attachment