Denial of Service : Pidgin Libpurple 'purple_base64_decode()' DoS Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801536

Categoría: Denial of Service

Título: Pidgin Libpurple 'purple_base64_decode()' DoS Vulnerabilities - Windows

Resumen: Pidgin is prone to denial of service (DoS) vulnerabilities.

Descripción: Summary:
Pidgin is prone to denial of service (DoS) vulnerabilities.

Vulnerability Insight:
The issues are caused by errors in 'libpurple' that does not validate the return
value from 'purple_base64_decode()' function when processing malformed Yahoo!,
MSN, MySpaceIM, XMPP or NTLM data.

Vulnerability Impact:
Attackers can exploit this issue to crash an affected application.

Affected Software/OS:
Pidgin version prior to 2.7.4 on Windows.

Solution:
Upgrade to Pidgin version 2.7.4 or later.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3711
1024623
http://securitytracker.com/id?1024623
41893
http://secunia.com/advisories/41893
41899
http://secunia.com/advisories/41899
42075
http://secunia.com/advisories/42075
42294
http://secunia.com/advisories/42294
44283
http://www.securityfocus.com/bid/44283
68773
http://www.osvdb.org/68773
ADV-2010-2753
http://www.vupen.com/english/advisories/2010/2753
ADV-2010-2754
http://www.vupen.com/english/advisories/2010/2754
ADV-2010-2755
http://www.vupen.com/english/advisories/2010/2755
ADV-2010-2847
http://www.vupen.com/english/advisories/2010/2847
ADV-2010-2851
http://www.vupen.com/english/advisories/2010/2851
ADV-2010-2870
http://www.vupen.com/english/advisories/2010/2870
FEDORA-2010-16629
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html
FEDORA-2010-16876
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html
FEDORA-2010-17130
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html
MDVSA-2010:208
http://www.mandriva.com/security/advisories?name=MDVSA-2010:208
RHSA-2010:0788
http://www.redhat.com/support/errata/RHSA-2010-0788.html
RHSA-2010:0890
http://www.redhat.com/support/errata/RHSA-2010-0890.html
SSA:2010-305-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462352
USN-1014-1
http://www.ubuntu.com/usn/USN-1014-1
http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc
http://pidgin.im/news/security/?id=48
https://bugzilla.redhat.com/show_bug.cgi?id=641921
oval:org.mitre.oval:def:18506
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506
pidgin-purplebase64decode-dos(62708)
https://exchange.xforce.ibmcloud.com/vulnerabilities/62708

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801536
Categoría:	Denial of Service
Título:	Pidgin Libpurple 'purple_base64_decode()' DoS Vulnerabilities - Windows
Resumen:	Pidgin is prone to denial of service (DoS) vulnerabilities.
Descripción:	Summary: Pidgin is prone to denial of service (DoS) vulnerabilities. Vulnerability Insight: The issues are caused by errors in 'libpurple' that does not validate the return value from 'purple_base64_decode()' function when processing malformed Yahoo!, MSN, MySpaceIM, XMPP or NTLM data. Vulnerability Impact: Attackers can exploit this issue to crash an affected application. Affected Software/OS: Pidgin version prior to 2.7.4 on Windows. Solution: Upgrade to Pidgin version 2.7.4 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3711 1024623 http://securitytracker.com/id?1024623 41893 http://secunia.com/advisories/41893 41899 http://secunia.com/advisories/41899 42075 http://secunia.com/advisories/42075 42294 http://secunia.com/advisories/42294 44283 http://www.securityfocus.com/bid/44283 68773 http://www.osvdb.org/68773 ADV-2010-2753 http://www.vupen.com/english/advisories/2010/2753 ADV-2010-2754 http://www.vupen.com/english/advisories/2010/2754 ADV-2010-2755 http://www.vupen.com/english/advisories/2010/2755 ADV-2010-2847 http://www.vupen.com/english/advisories/2010/2847 ADV-2010-2851 http://www.vupen.com/english/advisories/2010/2851 ADV-2010-2870 http://www.vupen.com/english/advisories/2010/2870 FEDORA-2010-16629 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050227.html FEDORA-2010-16876 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050133.html FEDORA-2010-17130 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html MDVSA-2010:208 http://www.mandriva.com/security/advisories?name=MDVSA-2010:208 RHSA-2010:0788 http://www.redhat.com/support/errata/RHSA-2010-0788.html RHSA-2010:0890 http://www.redhat.com/support/errata/RHSA-2010-0890.html SSA:2010-305-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462352 USN-1014-1 http://www.ubuntu.com/usn/USN-1014-1 http://developer.pidgin.im/viewmtn/revision/info/b01c6a1f7fe4d86b83f5f10917b3cb713989cfcc http://pidgin.im/news/security/?id=48 https://bugzilla.redhat.com/show_bug.cgi?id=641921 oval:org.mitre.oval:def:18506 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18506 pidgin-purplebase64decode-dos(62708) https://exchange.xforce.ibmcloud.com/vulnerabilities/62708
Copyright	Copyright (C) 2010 Greenbone AG