Skype Multiple Buffer Overflow Vulnerabilities

Secunia reports a highly critical vulnerability in Skype clients (Advisory SA17305, CVE-2005-3265 2005-10-25).

These buffer overflows can lead to DoS and even system compromise. These versions are vulnerable:

• Skype for Linux 0.x
  
• Skype for Linux 1.x
  
• Skype for Mac OS X 0.x
  
• Skype for Mac OS X 1.x
  
• Skype for Pocket PC 1.x
  
• Skype for Windows 1.x

Secunia reports several vulnerabilities:

• A boundary error exists when handling Skype-specific URI types e.g. "callto://" and "skype://". This can be exploited to cause a buffer overflow and allows arbitrary code execution when the user clicks on a specially-crafted Skype-specific URL.
  
• A boundary error exists in the handling of VCARD imports. This can be exploited to cause a buffer overflow and allows arbitrary code execution when the user imports a specially-crafted VCARD.
  

  These two vulnerabilities haves been reported in Skype for Windows Release 1.1..0 through 1.4..83.
  

• A boundary error exists in the handling of certain unspecified Skype client network traffic. This can be exploited to cause a heap-based buffer overflow. Successful exploitation crashes the Skype client.
  

  This vulnerability has been reported in the following versions:
  

  • Skype for Windows Release 1.4..83 and prior
    
  • Skype for Mac OS X Release 1.3..16 and prior
    
  • Skype for Linux Release 1.2..17 and prior
    
  • Skype for Pocket PC Release 1.1..6 and prior

The solution is to update to the fixed version (see URLs below).

[These are potentially very serious vulnerabilities because the closed Skype client is more or less the same on all platforms, so this vulnerability could provide opportunities to release malware, e.g. worms, that could penetrate other systems than those normally hit. Sysadmins need to make sure they protect themselves. Skype VoIP uses a range of ports dynamically and is very good at jumping through firewalls.

Here's a bit of free advice:

• Read the Secunia advisory and follow the steps perscribed in it, including upgrading your Spype clients.
  
• For the time being limit roll-out where possible
  
• Introduce suitable client protection
  
• Introduce appropriate policies

--Ed].

Related links: (Open in a new window.)
www.skype.com/download/
secunia.com/advisories/17305/

Taken from Information Security Bulletin.