English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.880708
Category:CentOS Local Security Checks
Title:CentOS Update for finch CESA-2009:1060 centos5 i386
Summary:The remote host is missing an update for the 'finch'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'finch'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A buffer overflow flaw was found in the way Pidgin initiates file transfers
when using the Extensible Messaging and Presence Protocol (XMPP). If a
Pidgin client initiates a file transfer, and the remote target sends a
malformed response, it could cause Pidgin to crash or, potentially, execute
arbitrary code with the permissions of the user running Pidgin. This flaw
only affects accounts using XMPP, such as Jabber and Google Talk.
(CVE-2009-1373)

A denial of service flaw was found in Pidgin's QQ protocol decryption
handler. When the QQ protocol decrypts packet information, heap data can be
overwritten, possibly causing Pidgin to crash. (CVE-2009-1374)

A flaw was found in the way Pidgin's PurpleCircBuffer object is expanded.
If the buffer is full when more data arrives, the data stored in this
buffer becomes corrupted. This corrupted data could result in confusing or
misleading data being presented to the user, or possibly crash Pidgin.
(CVE-2009-1375)

It was discovered that on 32-bit platforms, the Red Hat Security Advisory
RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw
affecting Pidgin's MSN protocol handler. If a Pidgin client receives a
specially-crafted MSN message, it may be possible to execute arbitrary code
with the permissions of the user running Pidgin. (CVE-2009-1376)

Note: By default, when using an MSN account, only users on your buddy list
can send you messages. This prevents arbitrary MSN users from exploiting
this flaw.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

Affected Software/OS:
finch on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1373
35067
http://www.securityfocus.com/bid/35067
35188
http://secunia.com/advisories/35188
35194
http://secunia.com/advisories/35194
35202
http://secunia.com/advisories/35202
35215
http://secunia.com/advisories/35215
35294
http://secunia.com/advisories/35294
35329
http://secunia.com/advisories/35329
35330
http://secunia.com/advisories/35330
ADV-2009-1396
http://www.vupen.com/english/advisories/2009/1396
DSA-1805
http://debian.org/security/2009/dsa-1805
FEDORA-2009-5552
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
FEDORA-2009-5583
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
FEDORA-2009-5597
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html
GLSA-200905-07
http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml
MDVSA-2009:140
http://www.mandriva.com/security/advisories?name=MDVSA-2009:140
MDVSA-2009:173
http://www.mandriva.com/security/advisories?name=MDVSA-2009:173
RHSA-2009:1059
http://www.redhat.com/support/errata/RHSA-2009-1059.html
RHSA-2009:1060
http://www.redhat.com/support/errata/RHSA-2009-1060.html
USN-781-1
http://www.ubuntu.com/usn/USN-781-1
USN-781-2
http://www.ubuntu.com/usn/USN-781-2
http://www.pidgin.im/news/security/?id=29
https://bugzilla.redhat.com/show_bug.cgi?id=500488
oval:org.mitre.oval:def:17722
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17722
oval:org.mitre.oval:def:9005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9005
pidgin-xmppsocks5-bo(50682)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50682
Common Vulnerability Exposure (CVE) ID: CVE-2009-1374
http://www.pidgin.im/news/security/?id=30
https://bugzilla.redhat.com/show_bug.cgi?id=500490
oval:org.mitre.oval:def:11654
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11654
oval:org.mitre.oval:def:18201
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18201
pidgin-decryptout-bo(50684)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50684
Common Vulnerability Exposure (CVE) ID: CVE-2009-1375
54649
http://osvdb.org/54649
http://www.pidgin.im/news/security/?id=31
https://bugzilla.redhat.com/show_bug.cgi?id=500491
oval:org.mitre.oval:def:10829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829
pidgin-purplecircbuffer-dos(50683)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50683
Common Vulnerability Exposure (CVE) ID: CVE-2009-1376
37071
http://secunia.com/advisories/37071
http://www.pidgin.im/news/security/?id=32
https://bugzilla.redhat.com/show_bug.cgi?id=500493
oval:org.mitre.oval:def:10476
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476
oval:org.mitre.oval:def:18432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432
pidgin-msn-slp-bo(50680)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50680
Common Vulnerability Exposure (CVE) ID: CVE-2008-2927
1020451
http://www.securitytracker.com/id?1020451
20080625 Pidgin 2.4.1 Vulnerability
http://www.securityfocus.com/archive/1/493682
20080806 rPSA-2008-0246-1 gaim
http://www.securityfocus.com/archive/1/495165/100/0/threaded
20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability
http://www.securityfocus.com/archive/1/495818/100/0/threaded
29956
http://www.securityfocus.com/bid/29956
30971
http://secunia.com/advisories/30971
31016
http://secunia.com/advisories/31016
31105
http://secunia.com/advisories/31105
31387
http://secunia.com/advisories/31387
31642
http://secunia.com/advisories/31642
32859
http://secunia.com/advisories/32859
32861
http://secunia.com/advisories/32861
ADV-2008-2032
http://www.vupen.com/english/advisories/2008/2032/references
DSA-1610
http://www.debian.org/security/2008/dsa-1610
MDVSA-2008:143
http://www.mandriva.com/security/advisories?name=MDVSA-2008:143
MDVSA-2009:127
http://www.mandriva.com/security/advisories?name=MDVSA-2009:127
RHSA-2008:0584
http://www.redhat.com/support/errata/RHSA-2008-0584.html
USN-675-1
http://www.ubuntu.com/usn/USN-675-1
USN-675-2
http://www.ubuntu.com/usn/USN-675-2
[oss-security] 20080703 Re: Re: CVE Request (pidgin)
http://www.openwall.com/lists/oss-security/2008/07/04/1
[oss-security] 20080704 Re: Re: CVE Request (pidgin)
http://www.openwall.com/lists/oss-security/2008/07/03/6
adium-msnprotocol-code-execution(44774)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44774
http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msn/slplink.c
http://developer.pidgin.im/viewmtn/revision/diff/6eb1949a96fa80a4c744fc749c2562abc4cc9ed6/with/c3831c9181f4f61b747321240086ee79e4a08fd8/libpurple/protocols/msnp9/slplink.c
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246
http://www.pidgin.im/news/security/?id=25
http://www.zerodayinitiative.com/advisories/ZDI-08-054
https://bugzilla.redhat.com/show_bug.cgi?id=453764
https://issues.rpath.com/browse/RPL-2647
oval:org.mitre.oval:def:11695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695
oval:org.mitre.oval:def:17972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.