
Test ID: 1.3.6.1.4.1.25623.1.0.64266
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: pidgin, libpurple, finch
Summary: The remote host is missing an update to the system, as announced in the referenced advisory.
Description:
Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

pidgin
libpurple
finch

CVE-2009-1373
Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin
(formerly Gaim) before 2.5.6 allows remote authenticated users to
execute arbitrary code via vectors involving an outbound XMPP file
transfer. NOTE: some of these details are obtained from third party
information.
CVE-2009-1374
Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)
before 2.5.6 allows remote attackers to cause a denial of service
(application crash) via a QQ packet.
CVE-2009-1375
The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before
2.5.6 does not properly maintain a certain buffer, which allows remote
attackers to cause a denial of service (memory corruption and
application crash) via vectors involving the (1) XMPP or (2) Sametime
protocol.
CVE-2009-1376
Multiple integer overflows in the msn_slplink_process_msg functions in
the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and
(2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim)
before 2.5.6 on 32-bit platforms allow remote attackers to execute
arbitrary code via a malformed SLP message with a crafted offset
value, leading to buffer overflows. NOTE: this issue exists because
of an incomplete fix for CVE-2008-2927.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2009-1373
35067
http://www.securityfocus.com/bid/35067
35188
http://secunia.com/advisories/35188
35194
http://secunia.com/advisories/35194
35202
http://secunia.com/advisories/35202
35215
http://secunia.com/advisories/35215
35294
http://secunia.com/advisories/35294
35329
http://secunia.com/advisories/35329
35330
http://secunia.com/advisories/35330
ADV-2009-1396
http://www.vupen.com/english/advisories/2009/1396
DSA-1805
http://debian.org/security/2009/dsa-1805
FEDORA-2009-5552
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
FEDORA-2009-5583
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
FEDORA-2009-5597
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
GLSA-200905-07
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
MDVSA-2009:140
http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
MDVSA-2009:173
http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
RHSA-2009:1059
http://www.redhat.com/support/errata/RHSA-2009-1059.html
RHSA-2009:1060
http://www.redhat.com/support/errata/RHSA-2009-1060.html
USN-781-1
http://www.ubuntu.com/usn/USN-781-1
USN-781-2
http://www.ubuntu.com/usn/USN-781-2
http://www.pidgin.im/news/security/?id=29
https://bugzilla.redhat.com/show_bug.cgi?id=500488
oval:org.mitre.oval:def:17722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
oval:org.mitre.oval:def:9005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
pidgin-xmppsocks5-bo(50682)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50682
Common Vulnerability Exposure (CVE) ID: CVE-2009-1374
http://www.pidgin.im/news/security/?id=30
https://bugzilla.redhat.com/show_bug.cgi?id=500490
oval:org.mitre.oval:def:11654
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654
oval:org.mitre.oval:def:18201
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201
pidgin-decryptout-bo(50684)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50684
Common Vulnerability Exposure (CVE) ID: CVE-2009-1375
54649
http://osvdb.org/54649
http://www.pidgin.im/news/security/?id=31
https://bugzilla.redhat.com/show_bug.cgi?id=500491
oval:org.mitre.oval:def:10829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829
pidgin-purplecircbuffer-dos(50683)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50683
Common Vulnerability Exposure (CVE) ID: CVE-2009-1376
37071
http://secunia.com/advisories/37071
http://www.pidgin.im/news/security/?id=32
https://bugzilla.redhat.com/show_bug.cgi?id=500493
oval:org.mitre.oval:def:10476
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476
oval:org.mitre.oval:def:18432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432
pidgin-msn-slp-bo(50680)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50680
Copyright: Copyright (C) 2009 E-Soft Inc.
