Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64038
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1805-1 (pidgin)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to pidgin
announced via advisory DSA 1805-1.

Several vulnerabilities have been discovered in Pidgin, a graphical
multi-protocol instant messaging client. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2009-1373

A buffer overflow in the Jabber file transfer code may lead to
denial of service or the execution of arbitrary code.

CVE-2009-1375

Memory corruption in an internal library may lead to denial of
service.

CVE-2009-1376

The patch provided for the security issue tracked as CVE-2008-2927
- integer overflows in the MSN protocol handler - was found to be
incomplete.

The old stable distribution (etch) is affected under the source package
name gaim. However, due to build problems the updated packages couldn't
be released along with the stable version. It will be released once the
build problem is resolved.

For the stable distribution (lenny), these problems have been fixed in
version 2.4.3-4lenny2.

For the unstable distribution (sid), these problems have been fixed in
version 2.5.6-1.

We recommend that you upgrade your pidgin packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201805-1

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1373
BugTraq ID: 35067
http://www.securityfocus.com/bid/35067
Debian Security Information: DSA-1805 (Google Search)
http://debian.org/security/2009/dsa-1805
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
http://www.redhat.com/support/errata/RHSA-2009-1059.html
http://www.redhat.com/support/errata/RHSA-2009-1060.html
http://secunia.com/advisories/35188
http://secunia.com/advisories/35194
http://secunia.com/advisories/35202
http://secunia.com/advisories/35215
http://secunia.com/advisories/35294
http://secunia.com/advisories/35329
http://secunia.com/advisories/35330
http://www.ubuntu.com/usn/USN-781-1
http://www.ubuntu.com/usn/USN-781-2
http://www.vupen.com/english/advisories/2009/1396
XForce ISS Database: pidgin-xmppsocks5-bo(50682)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50682
Common Vulnerability Exposure (CVE) ID: CVE-2009-1375
http://osvdb.org/54649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829
XForce ISS Database: pidgin-purplecircbuffer-dos(50683)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50683
Common Vulnerability Exposure (CVE) ID: CVE-2009-1376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432
http://secunia.com/advisories/37071
XForce ISS Database: pidgin-msn-slp-bo(50680)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50680
Common Vulnerability Exposure (CVE) ID: CVE-2008-2927
BugTraq ID: 29956
http://www.securityfocus.com/bid/29956
Bugtraq: 20080625 Pidgin 2.4.1 Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/493682
Bugtraq: 20080806 rPSA-2008-0246-1 gaim (Google Search)
http://www.securityfocus.com/archive/1/495165/100/0/threaded
Bugtraq: 20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/495818/100/0/threaded
Debian Security Information: DSA-1610 (Google Search)
http://www.debian.org/security/2008/dsa-1610
http://www.mandriva.com/security/advisories?name=MDVSA-2008:143
http://www.mandriva.com/security/advisories?name=MDVSA-2009:127
http://www.zerodayinitiative.com/advisories/ZDI-08-054
http://www.openwall.com/lists/oss-security/2008/07/04/1
http://www.openwall.com/lists/oss-security/2008/07/03/6
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972
http://www.redhat.com/support/errata/RHSA-2008-0584.html
http://www.securitytracker.com/id?1020451
http://secunia.com/advisories/30971
http://secunia.com/advisories/31016
http://secunia.com/advisories/31105
http://secunia.com/advisories/31387
http://secunia.com/advisories/31642
http://secunia.com/advisories/32859
http://secunia.com/advisories/32861
http://www.ubuntu.com/usn/USN-675-1
http://www.ubuntu.com/usn/USN-675-2
http://www.vupen.com/english/advisories/2008/2032/references
XForce ISS Database: adium-msnprotocol-code-execution(44774)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44774
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.