|
Test ID: | 1.3.6.1.4.1.25623.1.0.900940 |
Category: | Denial of Service |
Title: | Pidgin Multiple Denial Of Service Vulnerabilities (Win) |
Summary: | Check for the version of Pidgin |
Description: | Description: Overview: This host has Pidgin installed and is prone to multiple Denial of Service vulnerabilities. Vulnerabilities Insight: - An error in libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple can trigger a NULL-pointer dereference when processing TOPIC messages which lack a topic string. - An error in the 'msn_slp_sip_recv' function in libpurple/protocols/msn/slp.c in the MSN protocol can trigger a NULL-pointer dereference via an SLP invite message missing expected fields. - An error in the 'msn_slp_process_msg' function in libpurple/protocols/msn/ slpcall.c in the MSN protocol when converting the encoding of a handwritten message can be exploited by improper utilisation of uninitialised variables. - An error in the XMPP protocol plugin in libpurple is fails to handle an error IQ stanza during an attempted fetch of a custom smiley is processed via XHTML-IM content with cid: images. Impact: Attackers can exploit this issue to execute arbitrary code, corrupt memory and cause the application to crash. Impact Level: System/Application Affected Software/OS: Pidgin version prior to 2.6.2 on Windows. Fix: Upgrade to Pidgin version 2.6.2 http://pidgin.im/download References: http://secunia.com/advisories/36601 http://developer.pidgin.im/ticket/10159 http://www.pidgin.im/news/security/?id=37 http://www.pidgin.im/news/security/?id=38 http://www.pidgin.im/news/security/?id=39 http://www.pidgin.im/news/security/?id=40 CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
BugTraq ID: 36277 Common Vulnerability Exposure (CVE) ID: CVE-2009-2703 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435 http://secunia.com/advisories/36601 Common Vulnerability Exposure (CVE) ID: CVE-2009-3083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322 Common Vulnerability Exposure (CVE) ID: CVE-2009-3084 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338 Common Vulnerability Exposure (CVE) ID: CVE-2009-3085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434 |
Copyright | Copyright (C) 2009 SecPod |
This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |
|