Mega X.exe
Forum Ghost

Skype has patched three security holes in its software, rated 'highly critical' by vulnerability testing organisation Secunia.

The flaws include a buffer overflow that could be used to direct users to a specially crafted URL, a flaw in the handling of VCARD information that could allow a system takeover, and a heap-based buffer overflow that could be used to crash the VoIP application.

British security testing specialist Pentest said that the flaws took a week to fix. Its researchers found the flaws on 18 October and reported it to Skype, which released an upgrade last night.

The flaws affect all versions of Skype prior to version 1.4.83 and affect the Windows, Linux, Mac and Pocket PC platform code.

The patched version of Skype is available for download here

Morphman
Niz-Da

Now, people who have the old Skype should get the new one, definitely, and others will probably get the new one sooner than the old.

Description of the flaws:

Quote:
Some vulnerabilities have been reported in Skype, which can be exploited by malicious people to cause a DoS or to compromise a user's system.

1) A boundary error exists when handling Skype-specific URI types e.g. "callto://" and "skype://". This can be exploited to cause a buffer overflow and allows arbitrary code execution when the user clicks on a specially-crafted Skype-specific URL.

The vulnerability is related to:
SA13191

2) A boundary error exists in the handling of VCARD imports. This can be exploited to cause a buffer overflow and allows arbitrary code execution when the user imports a specially-crafted VCARD.

Vulnerability #1 and #2 has been reported in Skype for Windows Release 1.1.*.0 through 1.4.*.83.

3) An integer overflow error exists when allocating memory in response to certain received Skype client network UDP packet. This can be exploited to cause a heap-based buffer overflow via a specially-crafted UDP packet.

Successful exploitation crashes the Skype client. It has been reported that the vulnerability is also exploitable via TCP and allows arbitrary code execution via overwritten function pointers on the heap.

The vulnerability has been reported in the following versions:
* Skype for Windows Release 1.4.*.83 and prior.
* Skype for Mac OS X Release 1.3.*.16 and prior.
* Skype for Linux Release 1.2.*.17 and prior.
* Skype for Pocket PC Release 1.1.*.6 and prior.


All hail the Supreme Comrade Cossack!
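
Item 3 of the quoted advisory describes an integer overflow in an allocation size that leads to a heap-based buffer overflow. The C sketch below is an added example, not part of either post and not Skype's code; it shows that bug class next to a hardened size check. The packet layout, `REC_SIZE`, `unchecked_alloc_size` and `parse_records` are all hypothetical names and assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire layout (an assumption, not Skype's format):
 * 4-byte big-endian record count, then count * REC_SIZE bytes. */
#define HDR_SIZE 4u
#define REC_SIZE 16u

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: a 32-bit multiply on a sender-controlled count wraps
 * modulo 2^32, so the buffer ends up far smaller than count implies. */
uint32_t unchecked_alloc_size(uint32_t count) {
    return count * REC_SIZE;
}

/* Hardened parser: returns 0 and a heap copy of the records, or -1. */
int parse_records(const uint8_t *pkt, size_t len, uint8_t **out, size_t *out_len) {
    if (len < HDR_SIZE) return -1;
    uint32_t count = read_be32(pkt);
    size_t payload = len - HDR_SIZE;
    /* Compare by division, never by multiplying the untrusted count:
     * the count must match exactly what the datagram carries. */
    if (count == 0 || payload % REC_SIZE != 0 || count != payload / REC_SIZE)
        return -1;
    uint8_t *buf = malloc(payload);   /* size bounded by received length */
    if (buf == NULL) return -1;
    memcpy(buf, pkt + HDR_SIZE, payload);
    *out = buf;
    *out_len = payload;
    return 0;
}

int main(void) {
    /* Constructed sample: header claims 0x10000001 records, carries one. */
    uint8_t pkt[HDR_SIZE + REC_SIZE] = {0x10, 0x00, 0x00, 0x01};
    uint8_t *recs = NULL; size_t n = 0;
    printf("wrapped size: %u\n", (unsigned)unchecked_alloc_size(0x10000001u));
    printf("hardened parse: %d\n", parse_records(pkt, sizeof pkt, &recs, &n));
    return 0;
}
```
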