Trillian Buffer Overflow Vulnerability Discovered
News Release: Buffer Iteration Overflow Could Make Systems Susceptible to Attack
LogicLibrary(R), the leading provider of software development asset management tools, today announced it has uncovered a potential security vulnerability in the Trillian instant messaging client, produced by Cerulean Studios. The consequences of this vulnerability could range from an inconvenient program shut-down to a malicious hacker being able to gain control of a computer’s operating system.
Trillian is a popular all-in-one instant messaging client used by over a million people on Windows operating systems. Supporting AIM, ICQ, MSN, Yahoo Messenger and IRC, Trillian allows users to be on several instant message and chat networks at the same time, using just a single client. Its extensible plug-in system, for services such as AIM, Yahoo, MSN and RSS, connects to an external Web server at various points. LogicLibrary’s BugScan, an automated application security analysis solution, discovered a buffer iteration overflow in Trillian’s handling of HTTP 1.1 response headers in several of these plug-in components.
The vulnerability originally appeared in Trillian 2.0. It was compounded because the same vulnerable code was included in several different components and locations. Although many instances of the bug were addressed in Trillian 3.0, at least two vulnerabilities persisted in the Yahoo IM component. These exploitable unbounded buffer iteration problems remain in the current product version, Trillian 3.1. There are at least two exploitable yahoo.dll buffer iteration bugs: one is at 0x520296c6 and the other is at 0x5201a05f.
Buffer overflows can result in arbitrary malicious code being executed on a vulnerable computer. An attacker can potentially gain control over the system being attacked, putting items such as private documents, sensitive financial information and e-mails at risk. BugScan has contacted Cerulean Studios about these issues on a number of occasions over the past 18 months, with the most recent correspondence taking place on February 23, 2005.
“In order to build trust and confidence in the quality of today’s software, LogicLibrary believes it’s crucial that vendors work closely together to fix problems and provide the public with as much information as possible,” said Ralph Massaro, general manager, content products, LogicLibrary. “BugScan’s ability to find the precise location of real, exploitable software bugs without needing access to source code can make an important contribution toward identifying and resolving possible problems before they cause harm.”
It is recommended that Trillian users update their version to the latest 3.1 release and avoid using the Yahoo IM component until Trillian issues a patch.
As an adopter of the Organization for Internet Safety’s (OIS) Guidelines for Security Vulnerability Reporting and Response, LogicLibrary summarized its findings in a Vulnerability Summary Report (VSR). This document was sent to Cerulean Studios for their consideration and action. The VSR can be viewed at: http://www.logiclibrary.com/trillian_vsr.pdf.