English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75516 CVE descriptions
and 39786 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64942
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:1453
Summary:Redhat Security Advisory RHSA-2009:1453
Description:The remote host is missing updates announced in
advisory RHSA-2009:1453.

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. Info/Query
(IQ) is an Extensible Messaging and Presence Protocol (XMPP) specific
request-response mechanism.

A NULL pointer dereference flaw was found in the way the Pidgin XMPP
protocol plug-in processes IQ error responses when trying to fetch a custom
smiley. A remote client could send a specially-crafted IQ error response
that would crash Pidgin. (CVE-2009-3085)

A NULL pointer dereference flaw was found in the way the Pidgin IRC
protocol plug-in handles IRC topics. A malicious IRC server could send a
specially-crafted IRC TOPIC message, which once received by Pidgin, would
lead to a denial of service (Pidgin crash). (CVE-2009-2703)

It was discovered that, when connecting to certain, very old Jabber servers
via XMPP, Pidgin may ignore the Require SSL/TLS setting. In these
situations, a non-encrypted connection is established rather than the
connection failing, causing the user to believe they are using an encrypted
connection when they are not, leading to sensitive information disclosure
(session sniffing). (CVE-2009-3026)

A NULL pointer dereference flaw was found in the way the Pidgin MSN
protocol plug-in handles improper MSNSLP invitations. A remote attacker
could send a specially-crafted MSNSLP invitation request, which once
accepted by a valid Pidgin user, would lead to a denial of service (Pidgin
crash). (CVE-2009-3083)

These packages upgrade Pidgin to version 2.6.2. Refer to the Pidgin release
notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users should upgrade to these updated packages, which correct
these issues. Pidgin must be restarted for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1453.html
http://www.redhat.com/security/updates/classification/#moderate
http://xmpp.org/rfcs/rfc3920.html#stanzas-semantics-iq
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2703
BugTraq ID: 36277
http://www.securityfocus.com/bid/36277
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11379
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6435
http://secunia.com/advisories/36601
Common Vulnerability Exposure (CVE) ID: CVE-2009-3026
http://www.openwall.com/lists/oss-security/2009/08/24/2
BugTraq ID: 36368
http://www.securityfocus.com/bid/36368
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11070
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5757
http://secunia.com/advisories/37071
XForce ISS Database: pidgin-libpurple-weak-security(53000)
http://xforce.iss.net/xforce/xfdb/53000
Common Vulnerability Exposure (CVE) ID: CVE-2009-3083
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11852
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6322
Common Vulnerability Exposure (CVE) ID: CVE-2009-3085
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11223
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6434
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 39786 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.