Test ID: 1.3.6.1.4.1.25623.1.0.67317
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2010:085 (pidgin)
Summary: Mandriva Security Advisory MDVSA-2010:085 (pidgin)
Description: The remote host is missing an update to pidgin
announced via advisory MDVSA-2010:085.

Security vulnerabilities have been identified and fixed in pidgin:

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium
before 1.3.7 allows remote attackers to cause a denial of service
(application crash) via crafted contact-list data for (1) ICQ and
possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615).

Directory traversal vulnerability in slp.c in the MSN protocol
plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows
remote attackers to read arbitrary files via a .. (dot dot) in an
application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request,
a related issue to CVE-2004-0122. NOTE: it could be argued that
this is resultant from a vulnerability in which an emoticon download
request is processed even without a preceding text/x-mms-emoticon
message that announced availability of the emoticon (CVE-2010-0013).

Certain malformed SLP messages can trigger a crash because the MSN
protocol plugin fails to check that all pieces of the message are
set correctly (CVE-2010-0277).

If a user in a multi-user chat room has a nickname containing '<br>'
then libpurple ends up having two users with username ' ' in the room,
and Finch crashes in this situation. We do not believe there is a
possibility of remote code execution (CVE-2010-0420).

oCERT notified us about a problem in Pidgin, where a large amount of
processing time will be used when inserting many smileys into an IM
or chat window. This should not cause a crash, but Pidgin can become
unusably slow (CVE-2010-0423).

Packages for 2009.0 are provided due to the Extended Maintenance
Program.

This update provides pidgin 2.6.6, which is not vulnerable to these
issues.

Affected: 2009.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:085
http://pidgin.im/news/security/

Risk factor : Medium
Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-3615
http://www.mandriva.com/security/advisories?name=MDVSA-2010:085
BugTraq ID: 36719
http://www.securityfocus.com/bid/36719
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9414
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:18388
http://secunia.com/advisories/37017
http://secunia.com/advisories/37072
http://www.vupen.com/english/advisories/2009/2949
http://www.vupen.com/english/advisories/2009/2951
http://www.vupen.com/english/advisories/2010/1020
XForce ISS Database: pidgin-oscar-protocol-dos(53807)
http://xforce.iss.net/xforce/xfdb/53807
Common Vulnerability Exposure (CVE) ID: CVE-2004-0122
Microsoft Security Bulletin: MS04-010
http://www.microsoft.com/technet/security/bulletin/ms04-010.asp
CERT/CC vulnerability note: VU#688094
http://www.kb.cert.org/vuls/id/688094
BugTraq ID: 9828
http://www.securityfocus.com/bid/9828
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:844
XForce ISS Database: msn-ms04010-patch(15427)
http://xforce.iss.net/xforce/xfdb/15427
XForce ISS Database: msn-request-view-files(15415)
http://xforce.iss.net/xforce/xfdb/15415
Common Vulnerability Exposure (CVE) ID: CVE-2010-0013
http://www.openwall.com/lists/oss-security/2010/01/02/1
http://www.openwall.com/lists/oss-security/2010/01/07/1
http://www.openwall.com/lists/oss-security/2010/01/07/2
http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467
http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f
http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1
SuSE Security Announcement: SUSE-SR:2010:006
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10333
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17620
http://secunia.com/advisories/37953
http://secunia.com/advisories/37954
http://secunia.com/advisories/38915
http://secunia.com/advisories/37961
http://www.vupen.com/english/advisories/2009/3662
http://www.vupen.com/english/advisories/2009/3663
Common Vulnerability Exposure (CVE) ID: CVE-2010-0277
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:041
RedHat Security Advisories: RHSA-2010:0115
https://rhn.redhat.com/errata/RHSA-2010-0115.html
http://www.ubuntu.com/usn/USN-902-1
BugTraq ID: 38294
http://www.securityfocus.com/bid/38294
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9421
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:18348
http://secunia.com/advisories/38563
http://secunia.com/advisories/38640
http://secunia.com/advisories/38658
http://secunia.com/advisories/38712
http://secunia.com/advisories/41868
http://www.vupen.com/english/advisories/2010/0413
http://www.vupen.com/english/advisories/2010/2693
Common Vulnerability Exposure (CVE) ID: CVE-2010-0420
Debian Security Information: DSA-2038
http://www.debian.org/security/2010/dsa-2038
http://www.osvdb.org/62439
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11485
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:18230
http://secunia.com/advisories/39509
http://www.vupen.com/english/advisories/2010/0914
XForce ISS Database: pidgin-xmpp-nickname-dos(56399)
http://xforce.iss.net/xforce/xfdb/56399
Common Vulnerability Exposure (CVE) ID: CVE-2010-0423
http://www.osvdb.org/62440
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9842
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17554
XForce ISS Database: pidgin-smileys-dos(56394)
http://xforce.iss.net/xforce/xfdb/56394
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
