Test ID: | 1.3.6.1.4.1.25623.1.1.10.2014.0034 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2014-0034) |
Summary: | The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2014-0034 advisory. |
Description: |
Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2014-0034 advisory.

Vulnerability Insight:

Many places in the Yahoo! protocol plugin assumed incoming strings were UTF-8 and failed to transcode from non-UTF-8 encodings. This can lead to a crash when receiving strings that aren't UTF-8 (CVE-2012-6152).

A remote XMPP user can trigger a crash on some systems by sending a message with a timestamp in the distant future (CVE-2013-6477).

libX11 forcefully exits causing a crash when Pidgin tries to create an exceptionally wide tooltip window when hovering the pointer over a long URL (CVE-2013-6478).

A malicious server or man-in-the-middle could send a malformed HTTP response that could lead to a crash (CVE-2013-6479).

The Yahoo! protocol plugin failed to validate a length field before trying to read from a buffer, which could result in reading past the end of the buffer which could cause a crash when reading a P2P message (CVE-2013-6481).

NULL pointer dereferences in the MSN protocol plugin due to a malformed Content-Length header, or a malicious server or man-in-the-middle sending a specially crafted OIM data XML response or SOAP response (CVE-2013-6482).

The XMPP protocol plugin failed to ensure that iq replies came from the person they were sent to. A remote user could send a spoofed iq reply and attempt to guess the iq id. This could allow an attacker to inject fake data or trigger a null pointer dereference (CVE-2013-6483).

Incorrect error handling when reading the response from a STUN server could lead to a crash (CVE-2013-6484).

A malicious server or man-in-the-middle could cause a buffer overflow by sending a malformed HTTP response with chunked Transfer-Encoding with invalid chunk sizes (CVE-2013-6485).

A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow in Gadu-Gadu HTTP parsing (CVE-2013-6487).

A specially crafted emoticon value could cause an integer overflow which could lead to a buffer overflow in MXit emoticon parsing (CVE-2013-6489).

A Content-Length of -1 could lead to a buffer overflow in SIMPLE header parsing (CVE-2013-6490).

A malicious server or man-in-the-middle could trigger a crash in IRC argument parsing in libpurple by sending a message with fewer than expected arguments (CVE-2014-0020).

Affected Software/OS: 'pidgin' package(s) on Mageia 3.

Solution: Please install the updated package(s).

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-6152
RedHat Security Advisories: RHSA-2014:0139
https://rhn.redhat.com/errata/RHSA-2014-0139.html
SuSE Security Announcement: openSUSE-SU-2014:0239
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html
SuSE Security Announcement: openSUSE-SU-2014:0326
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html
http://www.ubuntu.com/usn/USN-2100-1

Common Vulnerability Exposure (CVE) ID: CVE-2013-6477
Debian Security Information: DSA-2859
http://www.debian.org/security/2014/dsa-2859

Common Vulnerability Exposure (CVE) ID: CVE-2013-6478
http://pidgin.im/pipermail/support/2013-March/012980.html
http://pidgin.im/pipermail/support/2013-March/012981.html

Common Vulnerability Exposure (CVE) ID: CVE-2013-6479

Common Vulnerability Exposure (CVE) ID: CVE-2013-6481

Common Vulnerability Exposure (CVE) ID: CVE-2013-6482

Common Vulnerability Exposure (CVE) ID: CVE-2013-6483

Common Vulnerability Exposure (CVE) ID: CVE-2013-6484

Common Vulnerability Exposure (CVE) ID: CVE-2013-6485
BugTraq ID: 65243
http://www.securityfocus.com/bid/65243

Common Vulnerability Exposure (CVE) ID: CVE-2013-6487
BugTraq ID: 65188
http://www.securityfocus.com/bid/65188
Debian Security Information: DSA-2852
http://www.debian.org/security/2014/dsa-2852
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html
https://security.gentoo.org/glsa/201508-02
http://www.mandriva.com/security/advisories?name=MDVSA-2014:039
http://libgadu.net/releases/1.11.3.html
http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html
http://www.ubuntu.com/usn/USN-2101-1

Common Vulnerability Exposure (CVE) ID: CVE-2013-6489
BugTraq ID: 65192
http://www.securityfocus.com/bid/65192
http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4

Common Vulnerability Exposure (CVE) ID: CVE-2013-6490
BugTraq ID: 65195
http://www.securityfocus.com/bid/65195

Common Vulnerability Exposure (CVE) ID: CVE-2014-0020 |
Copyright | Copyright (C) 2022 Greenbone AG |