English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64038
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-1805-1)
Summary:The remote host is missing an update for the Debian 'pidgin' package(s) announced via the DSA-1805-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'pidgin' package(s) announced via the DSA-1805-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-1373

A buffer overflow in the Jabber file transfer code may lead to denial of service or the execution of arbitrary code.

CVE-2009-1375

Memory corruption in an internal library may lead to denial of service.

CVE-2009-1376

The patch provided for the security issue tracked as CVE-2008-2927 - integer overflows in the MSN protocol handler - was found to be incomplete.

The old stable distribution (etch) is affected under the source package name gaim. However, due to build problems the updated packages couldn't be released along with the stable version. It will be released once the build problem is resolved.

For the stable distribution (lenny), these problems have been fixed in version 2.4.3-4lenny2.

For the unstable distribution (sid), these problems have been fixed in version 2.5.6-1.

We recommend that you upgrade your pidgin packages.

Affected Software/OS:
'pidgin' package(s) on Debian 5.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2927
1020451
http://www.securitytracker.com/id?1020451
20080625 Pidgin 2.4.1 Vulnerability
http://www.securityfocus.com/archive/1/493682
20080806 rPSA-2008-0246-1 gaim
http://www.securityfocus.com/archive/1/495165/100/0/threaded
20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
http://www.securityfocus.com/archive/1/495818/100/0/threaded
29956
http://www.securityfocus.com/bid/29956
30971
http://secunia.com/advisories/30971
31016
http://secunia.com/advisories/31016
31105
http://secunia.com/advisories/31105
31387
http://secunia.com/advisories/31387
31642
http://secunia.com/advisories/31642
32859
http://secunia.com/advisories/32859
32861
http://secunia.com/advisories/32861
ADV-2008-2032
http://www.vupen.com/english/advisories/2008/2032/references
DSA-1610
http://www.debian.org/security/2008/dsa-1610
MDVSA-2008:143
http://www.mandriva.com/security/advisories?name=MDVSA-2008:143
MDVSA-2009:127
http://www.mandriva.com/security/advisories?name=MDVSA-2009:127
RHSA-2008:0584
http://www.redhat.com/support/errata/RHSA-2008-0584.html
USN-675-1
http://www.ubuntu.com/usn/USN-675-1
USN-675-2
http://www.ubuntu.com/usn/USN-675-2
[oss-security] 20080703 Re: Re: CVE Request (pidgin)
http://www.openwall.com/lists/oss-security/2008/07/04/1
[oss-security] 20080704 Re: Re: CVE Request (pidgin)
http://www.openwall.com/lists/oss-security/2008/07/03/6
adium-msnprotocol-code-execution(44774)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44774
http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c
http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246
http://www.pidgin.im/news/security/?id=25
http://www.zerodayinitiative.com/advisories/ZDI-08-054
https://bugzilla.redhat.com/show_bug.cgi?id=453764
https://issues.rpath.com/browse/RPL-2647
oval:org.mitre.oval:def:11695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695
oval:org.mitre.oval:def:17972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972
Common Vulnerability Exposure (CVE) ID: CVE-2009-1373
35067
http://www.securityfocus.com/bid/35067
35188
http://secunia.com/advisories/35188
35194
http://secunia.com/advisories/35194
35202
http://secunia.com/advisories/35202
35215
http://secunia.com/advisories/35215
35294
http://secunia.com/advisories/35294
35329
http://secunia.com/advisories/35329
35330
http://secunia.com/advisories/35330
ADV-2009-1396
http://www.vupen.com/english/advisories/2009/1396
DSA-1805
http://debian.org/security/2009/dsa-1805
FEDORA-2009-5552
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
FEDORA-2009-5583
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
FEDORA-2009-5597
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
GLSA-200905-07
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
MDVSA-2009:140
http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
MDVSA-2009:173
http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
RHSA-2009:1059
http://www.redhat.com/support/errata/RHSA-2009-1059.html
RHSA-2009:1060
http://www.redhat.com/support/errata/RHSA-2009-1060.html
USN-781-1
http://www.ubuntu.com/usn/USN-781-1
USN-781-2
http://www.ubuntu.com/usn/USN-781-2
http://www.pidgin.im/news/security/?id=29
https://bugzilla.redhat.com/show_bug.cgi?id=500488
oval:org.mitre.oval:def:17722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
oval:org.mitre.oval:def:9005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
pidgin-xmppsocks5-bo(50682)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50682
Common Vulnerability Exposure (CVE) ID: CVE-2009-1375
54649
http://osvdb.org/54649
http://www.pidgin.im/news/security/?id=31
https://bugzilla.redhat.com/show_bug.cgi?id=500491
oval:org.mitre.oval:def:10829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829
pidgin-purplecircbuffer-dos(50683)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50683
Common Vulnerability Exposure (CVE) ID: CVE-2009-1376
37071
http://secunia.com/advisories/37071
http://www.pidgin.im/news/security/?id=32
https://bugzilla.redhat.com/show_bug.cgi?id=500493
oval:org.mitre.oval:def:10476
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476
oval:org.mitre.oval:def:18432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432
pidgin-msn-slp-bo(50680)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50680
CopyrightCopyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.