Denial of Service : Pidgin OSCAR Protocol Denial Of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800823

Categoría: Denial of Service

Título: Pidgin OSCAR Protocol Denial Of Service Vulnerability - Windows

Resumen: Pidgin is prone to a denial of service (DoS); vulnerability.

Descripción: Summary:
Pidgin is prone to a denial of service (DoS)
vulnerability.

Vulnerability Insight:
Error in OSCAR protocol implementation leads to the application misinterpreting
the ICQWebMessage message type as ICQSMS message type via a crafted ICQ web
message that triggers allocation of a large amount of memory.

Vulnerability Impact:
Successful exploitation will allow attacker to cause an application crash.

Affected Software/OS:
Pidgin version prior to 2.5.8 on Windows

Solution:
Upgrade to Pidgin version 2.5.8.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1889
35530
http://www.securityfocus.com/bid/35530
35693
http://secunia.com/advisories/35693
35697
http://secunia.com/advisories/35697
35706
http://secunia.com/advisories/35706
37071
http://secunia.com/advisories/37071
ADV-2009-1749
http://www.vupen.com/english/advisories/2009/1749
FEDORA-2009-7359
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html
FEDORA-2009-7370
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html
FEDORA-2009-7415
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html
RHSA-2009:1139
http://www.redhat.com/support/errata/RHSA-2009-1139.html
USN-796-1
http://www.ubuntu.com/usn/USN-796-1
[devel] 20090528 [patch] libpurple/protocols/oscar: OOM and die on misparsed ICQWebMessage as ICQSMS
http://pidgin.im/pipermail/devel/2009-May/008227.html
http://developer.pidgin.im/ticket/9483
https://bugzilla.redhat.com/show_bug.cgi?id=508738
oval:org.mitre.oval:def:10004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10004
pidgin-oscar-dos(51448)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51448

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800823
Categoría:	Denial of Service
Título:	Pidgin OSCAR Protocol Denial Of Service Vulnerability - Windows
Resumen:	Pidgin is prone to a denial of service (DoS); vulnerability.
Descripción:	Summary: Pidgin is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Error in OSCAR protocol implementation leads to the application misinterpreting the ICQWebMessage message type as ICQSMS message type via a crafted ICQ web message that triggers allocation of a large amount of memory. Vulnerability Impact: Successful exploitation will allow attacker to cause an application crash. Affected Software/OS: Pidgin version prior to 2.5.8 on Windows Solution: Upgrade to Pidgin version 2.5.8. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1889 35530 http://www.securityfocus.com/bid/35530 35693 http://secunia.com/advisories/35693 35697 http://secunia.com/advisories/35697 35706 http://secunia.com/advisories/35706 37071 http://secunia.com/advisories/37071 ADV-2009-1749 http://www.vupen.com/english/advisories/2009/1749 FEDORA-2009-7359 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00162.html FEDORA-2009-7370 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00176.html FEDORA-2009-7415 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00228.html RHSA-2009:1139 http://www.redhat.com/support/errata/RHSA-2009-1139.html USN-796-1 http://www.ubuntu.com/usn/USN-796-1 [devel] 20090528 [patch] libpurple/protocols/oscar: OOM and die on misparsed ICQWebMessage as ICQSMS http://pidgin.im/pipermail/devel/2009-May/008227.html http://developer.pidgin.im/ticket/9483 https://bugzilla.redhat.com/show_bug.cgi?id=508738 oval:org.mitre.oval:def:10004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10004 pidgin-oscar-dos(51448) https://exchange.xforce.ibmcloud.com/vulnerabilities/51448
Copyright	Copyright (C) 2009 Greenbone AG