 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.841705 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-2100-1) |
| Summary: | The remote host is missing an update for the 'pidgin' package(s) announced via the USN-2100-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'pidgin' package(s) announced via the USN-2100-1 advisory. Vulnerability Insight: Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2012-6152) Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6477) It was discovered that Pidgin incorrectly handled long URLs. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6478) Jacob Appelbaum discovered that Pidgin incorrectly handled certain HTTP responses. A malicious remote server or a machine-in-the-middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6479) Daniel Atallah discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6481) Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin incorrectly handled the MSN protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6482) Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin incorrectly handled XMPP iq replies. A remote attacker could use this issue to spoof messages. (CVE-2013-6483) It was discovered that Pidgin incorrectly handled STUN server responses. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6484) Matt Jones discovered that Pidgin incorrectly handled certain chunked HTTP responses. A malicious remote server or a machine-in-the-middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6485) Yves Younan and Ryan Pentney discovered that Pidgin incorrectly handled certain Gadu-Gadu HTTP messages. A malicious remote server or a machine-in-the-middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6487) Yves Younan and Pawel Janic discovered that Pidgin incorrectly handled MXit emoticons. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6489) Yves Younan discovered that Pidgin incorrectly handled SIMPLE headers. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6490) Daniel Atallah discovered that Pidgin incorrectly handled IRC argument parsing. A malicious remote server or a machine-in-the-middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2014-0020) Affected Software/OS: 'pidgin' package(s) on Ubuntu 12.04, Ubuntu 12.10, Ubuntu 13.10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-6152 RedHat Security Advisories: RHSA-2014:0139 https://rhn.redhat.com/errata/RHSA-2014-0139.html SuSE Security Announcement: openSUSE-SU-2014:0239 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html SuSE Security Announcement: openSUSE-SU-2014:0326 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html http://www.ubuntu.com/usn/USN-2100-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-6477 Debian Security Information: DSA-2859 (Google Search) http://www.debian.org/security/2014/dsa-2859 Common Vulnerability Exposure (CVE) ID: CVE-2013-6478 http://pidgin.im/pipermail/support/2013-March/012980.html http://pidgin.im/pipermail/support/2013-March/012981.html Common Vulnerability Exposure (CVE) ID: CVE-2013-6479 Common Vulnerability Exposure (CVE) ID: CVE-2013-6481 Common Vulnerability Exposure (CVE) ID: CVE-2013-6482 Common Vulnerability Exposure (CVE) ID: CVE-2013-6483 Common Vulnerability Exposure (CVE) ID: CVE-2013-6484 Common Vulnerability Exposure (CVE) ID: CVE-2013-6485 BugTraq ID: 65243 http://www.securityfocus.com/bid/65243 Common Vulnerability Exposure (CVE) ID: CVE-2013-6487 BugTraq ID: 65188 http://www.securityfocus.com/bid/65188 Debian Security Information: DSA-2852 (Google Search) http://www.debian.org/security/2014/dsa-2852 http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html https://security.gentoo.org/glsa/201508-02 http://www.mandriva.com/security/advisories?name=MDVSA-2014:039 http://libgadu.net/releases/1.11.3.html http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html http://www.ubuntu.com/usn/USN-2101-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-6489 BugTraq ID: 65192 http://www.securityfocus.com/bid/65192 http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4 Common Vulnerability Exposure (CVE) ID: CVE-2013-6490 BugTraq ID: 65195 http://www.securityfocus.com/bid/65195 Common Vulnerability Exposure (CVE) ID: CVE-2014-0020 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |