[Adium-devl] Security Hole? Fwd: Adium Query
David Smith
catfish.man at gmail.com
Fri Feb 3 12:11:11 UTC 2006
Go for it. If it's a protocol vulnerability, we'll want to spread
the info around asap.
David
On Feb 3, 2006, at 4:09 AM, Augie Fackler wrote:
> Any objections to me forwarding this to Keith and asking him if he
> can think of anything in particular we should be looking for?
>
> Augie
>
> On Feb 3, 2006, at 5:00 AM, David Smith wrote:
>
>> I just received the following email. It seems like a fairly major
>> hole, if true. http://trac.adiumx.com/ticket/2952 was filed about it.
>>
>> David
>>
>> Begin forwarded message:
>>
>>> Recently whilst running the latest version of adium a friend of
>>> mine was
>>> able to do a massinvite, whereby all my private contacts where
>>> forced into a
>>> multi-user chat. I was told he used tirllian to do this.
>>
>> The original description on the ticket:
>>
>> Was in a group chat with 2 friends who are authorised contacts. One
>> of which executed a mass invite (somehow) at which point a good
>> majority of my contacts were forced into the same multiuser chat.
>> From chatting with 2 people, it ended up a chat environment with 35
>> odd clients.
>>
>> I WAS LIKE OMFG!...... Apparantely the code was executed using a
>> trillian plugin???????
>>
>>
>>
>>
>> _______________________________________________
>> Adium-devl mailing list
>> Adium-devl at adiumx.com
>> http://adiumx.com/mailman/listinfo/adium-devl_adiumx.com
>
More information about the devel
mailing list