Denial of Service : Pidgin XMPP And SILC Protocols Denial of Service Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902650

Categoría: Denial of Service

Título: Pidgin XMPP And SILC Protocols Denial of Service Vulnerabilities - Windows

Resumen: Pidgin is prone to denial of service vulnerabilities.

Descripción: Summary:
Pidgin is prone to denial of service vulnerabilities.

Vulnerability Insight:
Multiplw flaws are due to

- An error in the silc_channel_message function in ops.c in the SILC
protocol plugin in libpurple, which fails to validate that a piece of text
was UTF-8 when receiving various incoming messages.

- An error in the XMPP protocol plugin in libpurple, which fails to ensure
that the incoming message contained all required fields when receiving
various stanzas related to voice and video chat.

- An error in the family_feedbag.c in the oscar protocol plugin, which fails
to validate that a piece of text was UTF-8 when receiving various incoming
messages.

Vulnerability Impact:
Successful exploitation will allow remote attackers to cause the application
to crash, denying service to legitimate users.

Affected Software/OS:
Pidgin versions prior to 2.10.1

Solution:
Upgrade to Pidgin version 2.10.1 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4602
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420
http://www.redhat.com/support/errata/RHSA-2011-1820.html
http://www.redhat.com/support/errata/RHSA-2011-1821.html
http://secunia.com/advisories/47219
http://secunia.com/advisories/47234
SuSE Security Announcement: openSUSE-SU-2012:0066 (Google Search)
https://hermes.opensuse.org/messages/13195955
Common Vulnerability Exposure (CVE) ID: CVE-2011-4603
BugTraq ID: 51074
http://www.securityfocus.com/bid/51074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303
Common Vulnerability Exposure (CVE) ID: CVE-2011-4601
BugTraq ID: 51010
http://www.securityfocus.com/bid/51010
http://www.mandriva.com/security/advisories?name=MDVSA-2011:183
http://www.openwall.com/lists/oss-security/2011/12/10/1
http://www.openwall.com/lists/oss-security/2011/12/10/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902650
Categoría:	Denial of Service
Título:	Pidgin XMPP And SILC Protocols Denial of Service Vulnerabilities - Windows
Resumen:	Pidgin is prone to denial of service vulnerabilities.
Descripción:	Summary: Pidgin is prone to denial of service vulnerabilities. Vulnerability Insight: Multiplw flaws are due to - An error in the silc_channel_message function in ops.c in the SILC protocol plugin in libpurple, which fails to validate that a piece of text was UTF-8 when receiving various incoming messages. - An error in the XMPP protocol plugin in libpurple, which fails to ensure that the incoming message contained all required fields when receiving various stanzas related to voice and video chat. - An error in the family_feedbag.c in the oscar protocol plugin, which fails to validate that a piece of text was UTF-8 when receiving various incoming messages. Vulnerability Impact: Successful exploitation will allow remote attackers to cause the application to crash, denying service to legitimate users. Affected Software/OS: Pidgin versions prior to 2.10.1 Solution: Upgrade to Pidgin version 2.10.1 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4602 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18420 http://www.redhat.com/support/errata/RHSA-2011-1820.html http://www.redhat.com/support/errata/RHSA-2011-1821.html http://secunia.com/advisories/47219 http://secunia.com/advisories/47234 SuSE Security Announcement: openSUSE-SU-2012:0066 (Google Search) https://hermes.opensuse.org/messages/13195955 Common Vulnerability Exposure (CVE) ID: CVE-2011-4603 BugTraq ID: 51074 http://www.securityfocus.com/bid/51074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18303 Common Vulnerability Exposure (CVE) ID: CVE-2011-4601 BugTraq ID: 51010 http://www.securityfocus.com/bid/51010 http://www.mandriva.com/security/advisories?name=MDVSA-2011:183 http://www.openwall.com/lists/oss-security/2011/12/10/1 http://www.openwall.com/lists/oss-security/2011/12/10/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18408
Copyright	Copyright (C) 2011 Greenbone AG