ID de Prueba:	1.3.6.1.4.1.25623.1.0.802331
Categoría:	Denial of Service
Título:	Pidgin Libpurple Protocol Plugins Denial of Service Vulnerabilities - Windows
Resumen:	Pidgin is prone to denial of service vulnerabilities.
Descripción:	Summary: Pidgin is prone to denial of service vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An error in the IRC protocol plugin in libpurple when handling WHO responses with special characters in the nicknames. - An error in the MSN protocol plugin when handling HTTP 100 responses. - Improper handling of 'file:// URI', allows to execute the file when user clicks on a file:// URI in a received IM. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code, obtain sensitive information or cause a denial of service. Affected Software/OS: Pidgin versions prior to 2.10.0 Solution: Upgrade to Pidgin version 2.10.0 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2943 1025961 http://securitytracker.com/id?1025961 45663 http://secunia.com/advisories/45663 45916 http://secunia.com/advisories/45916 49268 http://www.securityfocus.com/bid/49268 [oss-security] 20110820 CVE request: Pidgin crash http://www.openwall.com/lists/oss-security/2011/08/20/2 [oss-security] 20110822 Re: CVE request: Pidgin crash http://www.openwall.com/lists/oss-security/2011/08/22/2 http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43 http://pidgin.im/news/security/?id=53 https://bugzilla.redhat.com/show_bug.cgi?id=722939 oval:org.mitre.oval:def:18005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005 pidgin-irc-protocol-dos(69340) https://exchange.xforce.ibmcloud.com/vulnerabilities/69340 Common Vulnerability Exposure (CVE) ID: CVE-2011-3184 FEDORA-2011-11544 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html FEDORA-2011-11595 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html http://www.openwall.com/lists/oss-security/2011/08/22/10 http://www.openwall.com/lists/oss-security/2011/08/22/12 http://www.openwall.com/lists/oss-security/2011/08/22/4 http://www.openwall.com/lists/oss-security/2011/08/22/7 http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1 http://pidgin.im/news/security/?id=54 https://bugzilla.redhat.com/show_bug.cgi?id=732405 oval:org.mitre.oval:def:18284 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284 pidgin-msn-protocol-dos(69341) https://exchange.xforce.ibmcloud.com/vulnerabilities/69341 Common Vulnerability Exposure (CVE) ID: CVE-2011-3185 BugTraq ID: 49268 Bugtraq: 20110822 Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution (Google Search) http://www.securityfocus.com/archive/1/519391/100/0/threaded http://www.insomniasec.com/advisories/ISVA-110822.1.htm http://www.openwall.com/lists/oss-security/2011/08/22/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324 XForce ISS Database: pidgin-uri-code-execution(69342) https://exchange.xforce.ibmcloud.com/vulnerabilities/69342
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.