CVE-2012-236 - Format string security flaw in pidgin-otr

famato
Harmless
Posts: 3
Joined: Mon Jun 04, 2012 3:21 pm

CVE-2012-236 - Format string security flaw in pidgin-otr

Post by famato »

Hi there,
I would like to know if the following vulnerability is patched in the latest versions of Adium:
http://lists.cypherpunks.ca/pipermail/o ... 00026.html

"
Off-the-Record Messaging (OTR) Security Advisory 2012-01

Format string security flaw in pidgin-otr

Versions 3.2.0 and earlier of the pidgin-otr plugin contain a format
string security flaw. This flaw could potentially be exploited by
a remote attacker to cause arbitrary code to be executed on the user's
machine.

The flaw is in pidgin-otr, not in libotr. Other applications which use
libotr are not affected.

CVE-2012-2369 has been assigned to this issue.
"

I couldn't find any information about it.
Best
Robby
Cocoaforge Admin
Posts: 2610
Joined: Mon May 01, 2006 3:00 am

Re: CVE-2012-236 - Format string security flaw in pidgin-otr

Post by Robby »

The flaw is in pidgin-otr, not in libotr. Other applications that use libotr are not affected.
=-)

http://www.cypherpunks.ca/otr/
famato
Harmless
Posts: 3
Joined: Mon Jun 04, 2012 3:21 pm

Re: CVE-2012-236 - Format string security flaw in pidgin-otr

Post by famato »

I'm asking because I didn't know. I think Adium is based on Pidgin. So are you sure?
Thanks
Robby
Cocoaforge Admin
Posts: 2610
Joined: Mon May 01, 2006 3:00 am

Re: CVE-2012-236 - Format string security flaw in pidgin-otr

Post by Robby »

Both Adium and Pidgin are based on libpurple.

Adium uses the libotr library for its OTR support and no further plugin is required whereas Pidgin doesn't come with OTR support out of the box. This particular security issue was with the plugin for Pidgin.
famato
Harmless
Posts: 3
Joined: Mon Jun 04, 2012 3:21 pm

Re: CVE-2012-236 - Format string security flaw in pidgin-otr

Post by famato »

Thanks, really clear!
Best