Test ID:	1.3.6.1.4.1.25623.1.0.61254
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0584
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:0584. Pidgin is a multi-protocol Internet Messaging client. An integer overflow flaw was found in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2008-2927) Note: the default Pidgin privacy setting only allows messages from users in the buddy list. This prevents arbitrary MSN users from exploiting this flaw. This update also addresses the following bug: * when attempting to connect to the ICQ network, Pidgin would fail to connect, present an alert saying the The client version you are using is too old, and de-activate the ICQ account. This update restores Pidgin's ability to connect to the ICQ network. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0584.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2927 1020451 http://www.securitytracker.com/id?1020451 20080625 Pidgin 2.4.1 Vulnerability http://www.securityfocus.com/archive/1/493682 20080806 rPSA-2008-0246-1 gaim http://www.securityfocus.com/archive/1/495165/100/0/threaded 20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability http://www.securityfocus.com/archive/1/495818/100/0/threaded 29956 http://www.securityfocus.com/bid/29956 30971 http://secunia.com/advisories/30971 31016 http://secunia.com/advisories/31016 31105 http://secunia.com/advisories/31105 31387 http://secunia.com/advisories/31387 31642 http://secunia.com/advisories/31642 32859 http://secunia.com/advisories/32859 32861 http://secunia.com/advisories/32861 ADV-2008-2032 http://www.vupen.com/english/advisories/2008/2032/references DSA-1610 http://www.debian.org/security/2008/dsa-1610 MDVSA-2008:143 http://www.mandriva.com/security/advisories?name=MDVSA-2008:143 MDVSA-2009:127 http://www.mandriva.com/security/advisories?name=MDVSA-2009:127 RHSA-2008:0584 http://www.redhat.com/support/errata/RHSA-2008-0584.html USN-675-1 http://www.ubuntu.com/usn/USN-675-1 USN-675-2 http://www.ubuntu.com/usn/USN-675-2 [oss-security] 20080703 Re: Re: CVE Request (pidgin) http://www.openwall.com/lists/oss-security/2008/07/04/1 [oss-security] 20080704 Re: Re: CVE Request (pidgin) http://www.openwall.com/lists/oss-security/2008/07/03/6 adium-msnprotocol-code-execution(44774) https://exchange.xforce.ibmcloud.com/vulnerabilities/44774 http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246 http://www.pidgin.im/news/security/?id=25 http://www.zerodayinitiative.com/advisories/ZDI-08-054 https://bugzilla.redhat.com/show_bug.cgi?id=453764 https://issues.rpath.com/browse/RPL-2647 oval:org.mitre.oval:def:11695 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695 oval:org.mitre.oval:def:17972 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.