
Multiple flaws in Trillian chat program

By Bill Brenner, Senior News Writer
01 May 2007 | SearchSecurity.com

Security Wire Daily News

Cerulean Studios has fixed multiple security flaws attackers could exploit in its popular Trillian chat program to intercept private conversations or run malicious code on targeted machines.

Trillian is a multi-protocol chat application that supports the IRC, ICQ, AIM and MSN networks. It is popular among enterprise IT shops that see it as a cleaner, more secure alternative to the IM vendors' own clients.
VeriSign Inc.'s iDefense Labs unit warned in an advisory that Trillian's Internet Relay Chat (IRC) module includes several flaws attackers could exploit to access private chats and do other forms of damage.

"When handling long CTCP PING messages containing 'UTF-8' characters, it is possible to cause the Trillian IRC client to return a malformed response to the server," iDefense said. "This malformed response is truncated and is missing the terminating newline character. This could allow the next line sent to the server to be improperly sent to an attacker."
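The failure iDefense describes is a line-framing bug: IRC is a line-oriented protocol, so a reply that is cut off before its "\r\n" leaves the connection "open" and the server delivers the client's next line as a continuation of the reply, which in the CTCP PING case is addressed to whoever sent the PING. The model below is an added illustration written for this article, not Trillian's code, and it uses a deliberately small 64-byte send buffer and a plain over-long ASCII argument in place of the UTF-8 expansion the advisory mentions; the attacker nick, the PING argument and the victim's next message are constructed sample values. It shows the vulnerable pattern (ignoring snprintf's return value) beside a hardened builder that refuses to emit a half line.

```c
#include <stdio.h>
#include <string.h>

/* Deliberately small fixed send buffer for the model (assumption, not Trillian's real size). */
#define LINE_MAX 64

/* Vulnerable pattern: format the CTCP reply into a fixed buffer and ignore snprintf's
   return value. When target+argument do not fit, the "\x01\r\n" terminator is silently
   cut off and the line is left open. Returns the bytes actually placed in `out`. */
size_t build_ctcp_reply_vuln(char *out, size_t outsz, const char *target, const char *arg)
{
    snprintf(out, outsz, "NOTICE %s :\x01PING %s\x01\r\n", target, arg);
    return strlen(out);
}

/* Hardened: check the length snprintf wanted; if the reply does not fit, send nothing
   rather than a line without its terminator. Returns the length or -1 on refusal. */
int build_ctcp_reply_safe(char *out, size_t outsz, const char *target, const char *arg)
{
    int n = snprintf(out, outsz, "NOTICE %s :\x01PING %s\x01\r\n", target, arg);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return n;
}

/* Server-side view: take the first CRLF-delimited line of the outgoing stream and
   report whether `needle` appears inside it. */
static int first_line_contains(const char *stream, const char *needle)
{
    char line[256];
    const char *end = strstr(stream, "\r\n");
    size_t n = end ? (size_t)(end - stream) : strlen(stream);
    if (n >= sizeof line)
        n = sizeof line - 1;
    memcpy(line, stream, n);
    line[n] = '\0';
    return strstr(line, needle) != NULL;
}

/* Returns 1 if the victim's next private message ends up inside the NOTICE addressed to
   the attacker, 0 otherwise. `use_safe_builder` selects which builder is modelled. */
int ping_leaks_next_line(int use_safe_builder)
{
    char reply[LINE_MAX];
    char stream[256];
    /* Constructed sample values for the model. */
    const char *attacker = "attacker";
    const char *long_arg = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 60 bytes */
    const char *next_msg = "PRIVMSG friend :the merger closes Friday\r\n";

    if (use_safe_builder) {
        if (build_ctcp_reply_safe(reply, sizeof reply, attacker, long_arg) < 0)
            reply[0] = '\0';
    } else {
        build_ctcp_reply_vuln(reply, sizeof reply, attacker, long_arg);
    }

    /* The socket queue: the CTCP reply immediately followed by the next outgoing line. */
    snprintf(stream, sizeof stream, "%s%s", reply, next_msg);

    return strncmp(stream, "NOTICE attacker", 15) == 0 &&
           first_line_contains(stream, "the merger closes Friday");
}

int main(void)
{
    printf("vulnerable builder leaks next line: %d\n", ping_leaks_next_line(0));
    printf("hardened builder leaks next line:   %d\n", ping_leaks_next_line(1));
    return 0;
}
```

The check that matters is the comparison of snprintf's return value against the buffer size; any code path that can shorten a protocol line (re-encoding to UTF-8 is one) needs the same guarantee that the terminator is written or the line is dropped.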

Another problem is that when a user highlights a URL in an IRC message window, Trillian copies the data to an internal buffer. If the URL contains a long string of UTF-8 characters, it is possible to overflow a heap-based buffer, corrupting memory in a way that could allow for code execution, iDefense said.

Meanwhile, iDefense said, attackers can trigger a heap overflow remotely when the Trillian IRC module receives a message that contains a font face HTML tag with the face attribute set to a long UTF-8 string.
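Both heap overflows share a shape: a buffer is sized from a character count, but the copy into it writes the UTF-8 form, which is up to four bytes per character, so multi-byte input overruns the allocation. The example below is an added illustration for this article, not Trillian's code, and makes no claim about how Trillian sizes its buffers; it uses a constructed font face value of 32 euro signs (U+20AC, three bytes each in UTF-8) to compute how far a "one byte per character" allocation would be overrun, and shows the hardened copy that sizes the buffer from the encoded length first. The overrun is calculated rather than executed so the program itself stays memory-safe.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Encode one code point as UTF-8 into `out` (must hold 4 bytes); returns the byte count. */
static size_t utf8_encode(uint32_t cp, unsigned char *out)
{
    if (cp < 0x80) {
        out[0] = (unsigned char)cp;
        return 1;
    }
    if (cp < 0x800) {
        out[0] = (unsigned char)(0xC0 | (cp >> 6));
        out[1] = (unsigned char)(0x80 | (cp & 0x3F));
        return 2;
    }
    if (cp < 0x10000) {
        out[0] = (unsigned char)(0xE0 | (cp >> 12));
        out[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
        out[2] = (unsigned char)(0x80 | (cp & 0x3F));
        return 3;
    }
    out[0] = (unsigned char)(0xF0 | (cp >> 18));
    out[1] = (unsigned char)(0x80 | ((cp >> 12) & 0x3F));
    out[2] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
    out[3] = (unsigned char)(0x80 | (cp & 0x3F));
    return 4;
}

/* Bytes the UTF-8 form of `n` code points needs, excluding the terminating NUL. */
size_t utf8_bytes_needed(const uint32_t *cps, size_t n)
{
    unsigned char tmp[4];
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += utf8_encode(cps[i], tmp);
    return total;
}

/* The vulnerable sizing rule being modelled: one byte per character plus NUL. */
size_t vuln_buffer_size(size_t n)
{
    return n + 1;
}

/* Bytes a copy of the UTF-8 form would write past a vuln_buffer_size() allocation
   (0 means the input fits, e.g. pure ASCII). */
size_t overflow_bytes(const uint32_t *cps, size_t n)
{
    size_t need = utf8_bytes_needed(cps, n) + 1;
    size_t have = vuln_buffer_size(n);
    return need > have ? need - have : 0;
}

/* Hardened copy: measure the encoded length, allocate that, then encode. Caller frees. */
char *copy_as_utf8(const uint32_t *cps, size_t n)
{
    size_t need = utf8_bytes_needed(cps, n);
    char *buf = malloc(need + 1);
    if (!buf)
        return NULL;
    size_t off = 0;
    for (size_t i = 0; i < n; i++)
        off += utf8_encode(cps[i], (unsigned char *)buf + off);
    buf[off] = '\0';
    return buf;
}

/* Constructed sample: a font face attribute of 32 euro signs. Returns the overrun in bytes. */
size_t demo_font_face_overflow(void)
{
    uint32_t face[32];
    for (size_t i = 0; i < 32; i++)
        face[i] = 0x20AC;
    return overflow_bytes(face, 32);
}

/* Constructed sample: a single euro sign through the hardened copy. Returns 1 if the
   result is the expected three-byte sequence E2 82 AC. */
int demo_euro_encodes_to_3_bytes(void)
{
    uint32_t cp = 0x20AC;
    char *s = copy_as_utf8(&cp, 1);
    int ok = s && strlen(s) == 3 && memcmp(s, "\xE2\x82\xAC", 3) == 0;
    free(s);
    return ok;
}

int main(void)
{
    printf("overrun for 32 x U+20AC with 1-byte-per-char sizing: %zu bytes\n",
           demo_font_face_overflow());
    printf("hardened copy encodes U+20AC correctly: %d\n", demo_euro_encodes_to_3_bytes());
    return 0;
}
```

Pure ASCII input passes through either sizing rule unharmed, which is why this class of bug survives ordinary testing and only shows up when someone sends non-ASCII text of unusual length.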

The vulnerabilities were found in version 3.1, and iDefense said Cerulean Studios has addressed the flaws in Trillian 3.1.5.0.

Danish vulnerability clearinghouse Secunia rated the flaws highly critical because they are remotely exploitable and could lead to data exposure or code execution.

Copyright 2003 - 2009, TechTarget. All Rights Reserved.