Test ID:	1.3.6.1.4.1.25623.1.0.802331
Category:	Denial of Service
Title:	Pidgin Libpurple Protocol Plugins Denial of Service Vulnerabilities - Windows
Summary:	Pidgin is prone to denial of service vulnerabilities.
Description:	Summary: Pidgin is prone to denial of service vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An error in the IRC protocol plugin in libpurple when handling WHO responses with special characters in the nicknames. - An error in the MSN protocol plugin when handling HTTP 100 responses. - Improper handling of 'file:// URI', allows to execute the file when user clicks on a file:// URI in a received IM. Vulnerability Impact: Successful exploitation allows remote attackers to execute arbitrary code, obtain sensitive information or cause a denial of service. Affected Software/OS: Pidgin versions prior to 2.10.0 Solution: Upgrade to Pidgin version 2.10.0 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2943 1025961 http://securitytracker.com/id?1025961 45663 http://secunia.com/advisories/45663 45916 http://secunia.com/advisories/45916 49268 http://www.securityfocus.com/bid/49268 [oss-security] 20110820 CVE request: Pidgin crash http://www.openwall.com/lists/oss-security/2011/08/20/2 [oss-security] 20110822 Re: CVE request: Pidgin crash http://www.openwall.com/lists/oss-security/2011/08/22/2 http://developer.pidgin.im/viewmtn/revision/diff/5749f9193063800d27bef75c2388f6f9cc2f7f37/with/5c2dba4a7e2e76b76e7f472b88953a4316706d43/libpurple/protocols/irc/msgs.c http://developer.pidgin.im/viewmtn/revision/info/5c2dba4a7e2e76b76e7f472b88953a4316706d43 http://pidgin.im/news/security/?id=53 https://bugzilla.redhat.com/show_bug.cgi?id=722939 oval:org.mitre.oval:def:18005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18005 pidgin-irc-protocol-dos(69340) https://exchange.xforce.ibmcloud.com/vulnerabilities/69340 Common Vulnerability Exposure (CVE) ID: CVE-2011-3184 FEDORA-2011-11544 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html FEDORA-2011-11595 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html http://www.openwall.com/lists/oss-security/2011/08/22/10 http://www.openwall.com/lists/oss-security/2011/08/22/12 http://www.openwall.com/lists/oss-security/2011/08/22/4 http://www.openwall.com/lists/oss-security/2011/08/22/7 http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1 http://pidgin.im/news/security/?id=54 https://bugzilla.redhat.com/show_bug.cgi?id=732405 oval:org.mitre.oval:def:18284 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284 pidgin-msn-protocol-dos(69341) https://exchange.xforce.ibmcloud.com/vulnerabilities/69341 Common Vulnerability Exposure (CVE) ID: CVE-2011-3185 BugTraq ID: 49268 Bugtraq: 20110822 Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution (Google Search) http://www.securityfocus.com/archive/1/519391/100/0/threaded http://www.insomniasec.com/advisories/ISVA-110822.1.htm http://www.openwall.com/lists/oss-security/2011/08/22/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324 XForce ISS Database: pidgin-uri-code-execution(69342) https://exchange.xforce.ibmcloud.com/vulnerabilities/69342
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.