Denial of Service : Pidgin Multiple Denial of Service Vulnerabilities (Feb 2013)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803308

Categoría: Denial of Service

Título: Pidgin Multiple Denial of Service Vulnerabilities (Feb 2013) - Windows

Resumen: Pidgin is prone to multiple denial of service vulnerabilities.

Descripción: Summary:
Pidgin is prone to multiple denial of service vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- MXit protocol in libpurple saves an image to local disk using a filename.

- Buffer overflow in http.c via HTTP header.

- Does not properly terminate long user IDs, in sametime.c in libpurple.

- upnp.c in libpurple fails to null-terminate strings in UPnP responses.

Vulnerability Impact:
Successful exploitation allows remote attackers to execute arbitrary code,
overwrite arbitrary local files or cause a denial of service.

Affected Software/OS:
Pidgin versions prior to 2.10.7

Solution:
Upgrade to Pidgin version 2.10.7 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0271
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18386
SuSE Security Announcement: SUSE-SU-2013:0388 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html
SuSE Security Announcement: openSUSE-SU-2013:0405 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html
http://www.ubuntu.com/usn/USN-1746-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-0272
BugTraq ID: 57951
http://www.securityfocus.com/bid/57951
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17474
SuSE Security Announcement: openSUSE-SU-2013:0407 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-0273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18340
Common Vulnerability Exposure (CVE) ID: CVE-2013-0274
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803308
Categoría:	Denial of Service
Título:	Pidgin Multiple Denial of Service Vulnerabilities (Feb 2013) - Windows
Resumen:	Pidgin is prone to multiple denial of service vulnerabilities.
Descripción:	Summary: Pidgin is prone to multiple denial of service vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - MXit protocol in libpurple saves an image to local disk using a filename. - Buffer overflow in http.c via HTTP header. - Does not properly terminate long user IDs, in sametime.c in libpurple. - upnp.c in libpurple fails to null-terminate strings in UPnP responses. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code, overwrite arbitrary local files or cause a denial of service. Affected Software/OS: Pidgin versions prior to 2.10.7 Solution: Upgrade to Pidgin version 2.10.7 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0271 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18386 SuSE Security Announcement: SUSE-SU-2013:0388 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html SuSE Security Announcement: openSUSE-SU-2013:0405 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html http://www.ubuntu.com/usn/USN-1746-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-0272 BugTraq ID: 57951 http://www.securityfocus.com/bid/57951 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17474 SuSE Security Announcement: openSUSE-SU-2013:0407 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2013-0273 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18340 Common Vulnerability Exposure (CVE) ID: CVE-2013-0274 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221
Copyright	Copyright (C) 2013 Greenbone AG