
Test ID: 1.3.6.1.4.1.25623.1.1.10.2016.0236
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2016-0236)
Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2016-0236 advisory.
Description: Summary:
The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2016-0236 advisory.

Vulnerability Insight:
A buffer overflow vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent from the server could
potentially result in arbitrary code execution. A malicious server or an
attacker who intercepts the network traffic can send an invalid size for a
packet which will trigger a buffer overflow (CVE-2016-2376).

A buffer vulnerability exists in the handling of the MXIT protocol in
Pidgin. Specially crafted MXIT data sent by the server could potentially
result in an out of bounds write of one byte. A malicious server can send
a negative content-length in response to a HTTP request triggering the
vulnerability (CVE-2016-2377).

A buffer overflow vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted data sent via the server could
potentially result in a buffer overflow, potentially resulting in memory
corruption. A malicious server or an unfiltered malicious user can send
negative length values to trigger this vulnerability (CVE-2016-2378).

An information leak exists in the handling of the MXIT protocol in Pidgin.
Specially crafted MXIT data sent to the server could potentially result in
an out of bounds read. A user could be convinced to enter a particular
string which would then get converted incorrectly and could lead to a
potential out-of-bounds read (CVE-2016-2380).

A directory traversal exists in the handling of the MXIT protocol in
Pidgin. Specially crafted MXIT data sent from the server could potentially
result in an overwrite of files. A malicious server or someone with access
to the network traffic can provide an invalid filename for a splash image
triggering the vulnerability (CVE-2016-4323).

A denial of service vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent via the server could
potentially result in a null pointer dereference. A malicious server or an
attacker who intercepts the network traffic can send invalid data to
trigger this vulnerability and cause a crash (CVE-2016-2365).

A denial of service vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent via the server could
potentially result in an out-of-bounds read. A malicious server or an
attacker who intercepts the network traffic can send invalid data to
trigger this vulnerability and cause a crash (CVE-2016-2366).

An information leak exists in the handling of the MXIT protocol in Pidgin.
Specially crafted MXIT data sent via the server could potentially result
in an out of bounds read. A malicious user, server, or man-in-the-middle
can send an invalid size for an avatar which will trigger an out-of-bounds
read vulnerability. This could result in a denial of service or copy data
from memory to the file, resulting in an information leak if the avatar is
sent to another user (CVE-2016-2367).

Multiple memory corruption vulnerabilities ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'pidgin' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-2365
BugTraq ID: 91335
http://www.securityfocus.com/bid/91335
Debian Security Information: DSA-3620
http://www.debian.org/security/2016/dsa-3620
https://security.gentoo.org/glsa/201701-38
http://www.talosintelligence.com/reports/TALOS-2016-0133/
http://www.ubuntu.com/usn/USN-3031-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2366
http://www.talosintelligence.com/reports/TALOS-2016-0134/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2367
http://www.talosintelligence.com/reports/TALOS-2016-0135/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2368
http://www.talosintelligence.com/reports/TALOS-2016-0136/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2369
http://www.talosintelligence.com/reports/TALOS-2016-0137/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2370
http://www.talosintelligence.com/reports/TALOS-2016-0138/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2371
http://www.talosintelligence.com/reports/TALOS-2016-0139/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2372
http://www.talosintelligence.com/reports/TALOS-2016-0140/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2373
http://www.talosintelligence.com/reports/TALOS-2016-0141/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2374
http://www.talosintelligence.com/reports/TALOS-2016-0142/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2375
http://www.talosintelligence.com/reports/TALOS-2016-0143/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2376
http://www.talosintelligence.com/reports/TALOS-2016-0118/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2377
http://www.talosintelligence.com/reports/TALOS-2016-0119/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2378
http://www.talosintelligence.com/reports/TALOS-2016-0120/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2380
http://www.talosintelligence.com/reports/TALOS-2016-0123/
Common Vulnerability Exposure (CVE) ID: CVE-2016-4323
http://www.talosintelligence.com/reports/TALOS-2016-0128/
Copyright: Copyright (C) 2022 Greenbone AG
