Test ID:	1.3.6.1.4.1.25623.1.0.900940
Category:	Denial of Service
Title:	Pidgin Multiple Denial Of Service Vulnerabilities (Win)
Summary:	Check for the version of Pidgin
Description:	Description: Overview: This host has Pidgin installed and is prone to multiple Denial of Service vulnerabilities. Vulnerabilities Insight: - An error in libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple can trigger a NULL-pointer dereference when processing TOPIC messages which lack a topic string. - An error in the 'msn_slp_sip_recv' function in libpurple/protocols/msn/slp.c in the MSN protocol can trigger a NULL-pointer dereference via an SLP invite message missing expected fields. - An error in the 'msn_slp_process_msg' function in libpurple/protocols/msn/ slpcall.c in the MSN protocol when converting the encoding of a handwritten message can be exploited by improper utilisation of uninitialised variables. - An error in the XMPP protocol plugin in libpurple is fails to handle an error IQ stanza during an attempted fetch of a custom smiley is processed via XHTML-IM content with cid: images. Impact: Attackers can exploit this issue to execute arbitrary code, corrupt memory and cause the application to crash. Impact Level: System/Application Affected Software/OS: Pidgin version prior to 2.6.2 on Windows. Fix: Upgrade to Pidgin version 2.6.2 http://pidgin.im/download References: http://secunia.com/advisories/36601 http://developer.pidgin.im/ticket/10159 http://www.pidgin.im/news/security/?id=37 http://www.pidgin.im/news/security/?id=38 http://www.pidgin.im/news/security/?id=39 http://www.pidgin.im/news/security/?id=40 CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	BugTraq ID: 36277 Common Vulnerability Exposure (CVE) ID: CVE-2009-2703 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435 http://secunia.com/advisories/36601 Common Vulnerability Exposure (CVE) ID: CVE-2009-3083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322 Common Vulnerability Exposure (CVE) ID: CVE-2009-3084 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338 Common Vulnerability Exposure (CVE) ID: CVE-2009-3085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434
Copyright	Copyright (C) 2009 SecPod

This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: