Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:1453
The remote host is missing updates announced in
advisory RHSA-2009:1453.

Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. Info/Query
(IQ) is an Extensible Messaging and Presence Protocol (XMPP) specific
request-response mechanism.

A NULL pointer dereference flaw was found in the way the Pidgin XMPP
protocol plug-in processes IQ error responses when trying to fetch a custom
smiley. A remote client could send a specially-crafted IQ error response
that would crash Pidgin. (CVE-2009-3085)

A NULL pointer dereference flaw was found in the way the Pidgin IRC
protocol plug-in handles IRC topics. A malicious IRC server could send a
specially-crafted IRC TOPIC message, which once received by Pidgin, would
lead to a denial of service (Pidgin crash). (CVE-2009-2703)

It was discovered that, when connecting to certain, very old Jabber servers
via XMPP, Pidgin may ignore the Require SSL/TLS setting. In these
situations, a non-encrypted connection is established rather than the
connection failing, causing the user to believe they are using an encrypted
connection when they are not, leading to sensitive information disclosure
(session sniffing). (CVE-2009-3026)

A NULL pointer dereference flaw was found in the way the Pidgin MSN
protocol plug-in handles improper MSNSLP invitations. A remote attacker
could send a specially-crafted MSNSLP invitation request, which once
accepted by a valid Pidgin user, would lead to a denial of service (Pidgin
crash). (CVE-2009-3083)

These packages upgrade Pidgin to version 2.6.2. Refer to the Pidgin release
notes for a full list of changes:

All Pidgin users should upgrade to these updated packages, which correct
these issues. Pidgin must be restarted for this update to take effect.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2703
BugTraq ID: 36277
Common Vulnerability Exposure (CVE) ID: CVE-2009-3026
BugTraq ID: 36368
XForce ISS Database: pidgin-libpurple-weak-security(53000)
Common Vulnerability Exposure (CVE) ID: CVE-2009-3083
Common Vulnerability Exposure (CVE) ID: CVE-2009-3085
CopyrightCopyright (c) 2009 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.