Outpost Personal Firewall - Buffer Overflow & Heap Overflow Vulnerabilities in Skype Software
Agnitum Security Advisories
ASA-10-0510-4: Buffer Overflow & Heap Overflow Vulnerabilities in Skype Software
Vulnerability summary:
Severity rating: Critical
Date Published: October 25, 2005
Software Vendor: Skype
Affected Software: Skype VoIP client
Affected OS: Windows XP (all), Windows 2000 (all), Linux, Mac OS X, Windows Pocket PC 2003
Unaffected with: -
Vulnerability class: DoS, Remote Code Execution
Status: Partially fixed
Vulnerability details:
Tech brief 1:
Some vulnerabilities have been reported in Skype software, which can be exploited with malicious intent to cause a denial of service or to compromise a user's system. The Skype telephony service enables users to make international computer-to-telephone and computer-to-computer calls over the VoIP protocol. Skype is a very popular application with millions of registered users.
Here is a roundup of the vulnerabilities found:
1) A boundary error exists when handling Skype-specific URI types, e.g. "callto://" and "skype://". This can be exploited to cause a buffer overflow and allows arbitrary code to be executed when the user clicks on a specially-crafted Skype-specific URL.
2) A boundary error exists in the handling of VCARD imports. This can be exploited to cause a buffer overflow and allows arbitrary code execution when the user imports a specially-crafted VCARD.
Affected software for these two vulnerabilities:
Skype for Windows, Releases 1.1.*.0 through 1.4.*.83
Vendor reference information 1:
Vendor details pertaining to vulnerabilities 1 and 2 are available here:
http://www.skype.com/security/skype-sb-2005-02.html
Tech brief 2:
3) A boundary error exists in the handling of certain unspecified Skype client network traffic. This can be exploited to cause a heap-based buffer overflow and crash the Skype client. Potentially, the vulnerability could lead to the execution of arbitrary code on the affected system, but this could not be confirmed in the course of simulated attacks.
Vendor reference information 2:
Vendor details pertaining to vulnerability number 3 are available here:
http://www.skype.com/security/skype-sb-2005-03.html
General Mitigating Recommendations:
Install the latest software versions fixed by the vendor, available at: http://www.skype.com/download.
!!!Note to Pocket PC 2003 users: as of the date of this report, no update for Skype for Pocket PC 2003 has been released; this version is STILL VULNERABLE to the heap overflow problem. Agnitum recommends refraining from using the software until the vendor fixes the bug.!!!
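The following added example, which is not part of the Agnitum advisory or of Skype's own tooling, triages a software inventory against the Windows version range and the Pocket PC note above. It assumes the `*` in "1.1.*.0 through 1.4.*.83" is a wildcard field, so versions are compared on (major, minor, build); the hostnames and inventory rows are constructed.

```python
import re

# Assumption: in "1.1.*.0 through 1.4.*.83" the third field is a wildcard,
# so versions are ordered by (major, minor, build) only.
AFFECTED_LOW = (1, 1, 0)
AFFECTED_HIGH = (1, 4, 83)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Return (major, minor, build), or None if text is not a.b.c.d."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, _wildcard, build = (int(g) for g in m.groups())
    return (major, minor, build)

def triage(os_name, version):
    """Classify one Skype install using only what the advisory states."""
    os_key = os_name.strip().lower()
    if "pocket pc" in os_key:
        # Advisory note: no fixed Pocket PC 2003 build at publication time.
        return ("VULNERABLE", "heap overflow (3), no vendor fix yet")
    if not os_key.startswith("windows"):
        # The advisory lists a version range for Windows only.
        return ("CHECK", "no range given; see skype-sb-2005-03")
    key = parse_version(version)
    if key is None:
        return ("CHECK", "version string not in a.b.c.d form")
    if AFFECTED_LOW <= key <= AFFECTED_HIGH:
        return ("VULNERABLE", "URI and VCARD overflows (1, 2)")
    # Outside the range for 1 and 2; the advisory gives no range for 3.
    return ("CHECK", "outside 1.1.*.0-1.4.*.83; confirm (3) with vendor")

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ws-01", "Windows XP", "1.4.0.83"),
    ("ws-02", "Windows 2000", "1.4.0.84"),
    ("ws-03", "Windows XP", "1.2.5.37"),
    ("pda-01", "Windows Pocket PC 2003", "1.1.0.6"),
    ("mac-01", "Mac OS X", "1.3.0.14"),
    ("ws-04", "Windows XP", "unknown"),
]

def report(inventory):
    """Return {host: (status, reason)} for every inventory row."""
    return {host: triage(os_name, ver) for host, os_name, ver in inventory}

if __name__ == "__main__":
    for host, (status, reason) in report(INVENTORY).items():
        print(f"{host:8} {status:10} {reason}")
```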
Disclaimer:
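Information in the present advisory is believed to be accurate as of the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn't accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes a wide range of Internet and IP-based networking IT products, including communication systems, security, networking and media products. Through its extensive network, points of sale, distributors and partners, Version 2 Limited provides products and services that are widely praised by the market. Its customers come from all industries, including Global 1000 multinational enterprises, listed companies, public utilities, government departments, countless successful small and medium-sized enterprises, and customers from cities across Asia.
If you are interested in the products, visit the following URLs: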
http://www.version-2.com/op
http://www.version-2.com/nod32op