Test Kennung:	1.3.6.1.4.1.25623.1.0.64753
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 1870-1 (pidgin)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to pidgin announced via advisory DSA 1870-1. Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. This issue exists because of an incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN. The first packet is used to create an SLP message object with an offset of zero, the second packet then contains a crafted offset which hits the vulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376 and allows an attacker to execute arbitrary code. Note: Users with the Allow only the users below setting are not vulnerable to this attack. If you can't install the below updates you may want to set this via Tools->Privacy. For the stable distribution (lenny), this problem has been fixed in version 2.4.3-4lenny3. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 2.5.9-1. We recommend that you upgrade your pidgin packages. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%201870-1 CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2694 Debian Security Information: DSA-1870 (Google Search) http://www.debian.org/security/2009/dsa-1870 http://www.exploit-db.com/exploits/9615 http://www.coresecurity.com/content/libpurple-arbitrary-write https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6320 RedHat Security Advisories: RHSA-2009:1218 https://rhn.redhat.com/errata/RHSA-2009-1218.html http://secunia.com/advisories/36384 http://secunia.com/advisories/36392 http://secunia.com/advisories/36401 http://secunia.com/advisories/36402 http://secunia.com/advisories/36708 http://secunia.com/advisories/37071 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1 http://www.vupen.com/english/advisories/2009/2303 http://www.vupen.com/english/advisories/2009/2663 Common Vulnerability Exposure (CVE) ID: CVE-2008-2927 BugTraq ID: 29956 http://www.securityfocus.com/bid/29956 Bugtraq: 20080625 Pidgin 2.4.1 Vulnerability (Google Search) http://www.securityfocus.com/archive/1/493682 Bugtraq: 20080806 rPSA-2008-0246-1 gaim (Google Search) http://www.securityfocus.com/archive/1/495165/100/0/threaded Bugtraq: 20080828 ZDI-08-054: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability (Google Search) http://www.securityfocus.com/archive/1/495818/100/0/threaded Debian Security Information: DSA-1610 (Google Search) http://www.debian.org/security/2008/dsa-1610 http://www.mandriva.com/security/advisories?name=MDVSA-2008:143 http://www.mandriva.com/security/advisories?name=MDVSA-2009:127 http://www.zerodayinitiative.com/advisories/ZDI-08-054 http://www.openwall.com/lists/oss-security/2008/07/04/1 http://www.openwall.com/lists/oss-security/2008/07/03/6 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11695 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17972 http://www.redhat.com/support/errata/RHSA-2008-0584.html http://www.securitytracker.com/id?1020451 http://secunia.com/advisories/30971 http://secunia.com/advisories/31016 http://secunia.com/advisories/31105 http://secunia.com/advisories/31387 http://secunia.com/advisories/31642 http://secunia.com/advisories/32859 http://secunia.com/advisories/32861 http://www.ubuntu.com/usn/USN-675-1 http://www.ubuntu.com/usn/USN-675-2 http://www.vupen.com/english/advisories/2008/2032/references XForce ISS Database: adium-msnprotocol-code-execution(44774) https://exchange.xforce.ibmcloud.com/vulnerabilities/44774 Common Vulnerability Exposure (CVE) ID: CVE-2009-1376 BugTraq ID: 35067 http://www.securityfocus.com/bid/35067 Debian Security Information: DSA-1805 (Google Search) http://debian.org/security/2009/dsa-1805 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:140 http://www.mandriva.com/security/advisories?name=MDVSA-2009:173 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432 http://www.redhat.com/support/errata/RHSA-2009-1059.html http://www.redhat.com/support/errata/RHSA-2009-1060.html http://secunia.com/advisories/35188 http://secunia.com/advisories/35194 http://secunia.com/advisories/35202 http://secunia.com/advisories/35215 http://secunia.com/advisories/35294 http://secunia.com/advisories/35329 http://secunia.com/advisories/35330 http://www.ubuntu.com/usn/USN-781-1 http://www.ubuntu.com/usn/USN-781-2 http://www.vupen.com/english/advisories/2009/1396 XForce ISS Database: pidgin-msn-slp-bo(50680) https://exchange.xforce.ibmcloud.com/vulnerabilities/50680
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.