Multiple flaws in Trillian chat program

Attackers could access sensitive information and run malicious code by exploiting multiple flaws in Trillian, a chat program popular in many enterprises.

Cerulean Studios has fixed multiple security flaws attackers could exploit in its popular Trillian chat program to intercept private conversations or run malicious code on targeted machines.

Trillian is a chat application that supports the IRC, ICQ, AIM and MSN protocols. It is popular among enterprise IT shops that see it as a cleaner, more secure alternative to other, more commercial IM applications.

VeriSign Inc.'s iDefense Labs unit warned in an advisory that Trillian's Internet Relay Chat (IRC) module includes several flaws attackers could exploit to access private chats and do other forms of damage.

"When handling long CTCP PING messages containing 'UTF-8' characters, it is possible to cause the Trillian IRC client to return a malformed response to the server," iDefense said. "This malformed response is truncated and is missing the terminating newline character. This could allow the next line sent to the server to be improperly sent to an attacker."

Another problem is that when a user highlights a URL in an IRC message window, Trillian copies the data to an internal buffer. If the URL contains a long string of "UTF-8" characters, it is possible to overflow a heap-based buffer, corrupting memory in a way that could allow for code execution, iDefense said.

Meanwhile, the organization said, attackers can trigger a heap overflow remotely when the Trillian IRC module receives a message that contains a font face HTML tag with the face attribute set to a long "UTF-8" string.
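The following is an added example, not code from Trillian, Cerulean Studios or iDefense. It sketches the defensive pattern the CTCP PING flaw calls for: reserve room for the line terminator before copying attacker-supplied text, and truncate only on a UTF-8 character boundary. The function names, the nick "alice" and the sample payload are constructed for illustration; the 512-byte line limit is the one from RFC 1459.

```c
#include <stdio.h>
#include <string.h>

#define IRC_LINE_MAX 512 /* RFC 1459 limit for one line, CRLF included */

/* Longest prefix of s, at most max bytes, that does not end inside a
 * UTF-8 sequence (assumes s is well-formed UTF-8). */
static size_t utf8_safe_prefix(const char *s, size_t len, size_t max)
{
    size_t n = max;
    if (len <= max)
        return len;
    /* s[n] is the first byte dropped; back up while it is a continuation byte */
    while (n > 0 && ((unsigned char)s[n] & 0xC0) == 0x80)
        n--;
    return n;
}

/* Write "NOTICE <nick> :\001PING <payload>\001\r\n" into out[IRC_LINE_MAX].
 * Returns the byte count, or 0 if the reply cannot be built safely. */
size_t build_ping_reply(char *out, const char *nick,
                        const char *payload, size_t payload_len)
{
    static const char head[] = "NOTICE ", mid[] = " :\001PING ", tail[] = "\001\r\n";
    size_t nick_len = strlen(nick), pos = 0, n;
    size_t fixed = (sizeof head - 1) + nick_len + (sizeof mid - 1) + (sizeof tail - 1);
    if (fixed > IRC_LINE_MAX)
        return 0; /* no room even for an empty payload */
    if (memchr(payload, '\r', payload_len) || memchr(payload, '\n', payload_len))
        return 0; /* payload must not carry its own line breaks */
    /* Reserve the terminator first, then truncate the payload to what is left. */
    n = utf8_safe_prefix(payload, payload_len, IRC_LINE_MAX - fixed);
    memcpy(out + pos, head, sizeof head - 1);  pos += sizeof head - 1;
    memcpy(out + pos, nick, nick_len);         pos += nick_len;
    memcpy(out + pos, mid, sizeof mid - 1);    pos += sizeof mid - 1;
    memcpy(out + pos, payload, n);             pos += n;
    memcpy(out + pos, tail, sizeof tail - 1);  pos += sizeof tail - 1;
    return pos;
}

int main(void)
{
    char out[IRC_LINE_MAX], payload[600]; /* constructed sample: 300 x U+00E9 */
    for (size_t i = 0; i < sizeof payload; i++)
        payload[i] = (i % 2) ? (char)0xA9 : (char)0xC3;
    size_t n = build_ping_reply(out, "alice", payload, sizeof payload);
    printf("%zu bytes, CRLF kept: %d\n", n, out[n - 2] == '\r' && out[n - 1] == '\n');
    return 0;
}
```

Because the terminator is budgeted before the payload is copied, an oversized PING can shorten the echoed text but can never leave the reply without its newline or write past the buffer.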

The vulnerabilities were found in version 3.1, and iDefense said Cerulean Studios has addressed the flaws in Trillian 3.1.5.0.

Danish vulnerability clearinghouse Secunia rated the flaws highly critical because they are remotely exploitable and could lead to data exposure.
