Denial of Service : Pidgin Multiple Denial Of Service Vulnerabilities (Linux)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.900941

Kategorie: Denial of Service

Titel: Pidgin Multiple Denial Of Service Vulnerabilities (Linux)

Zusammenfassung: This host has Pidgin installed and is prone to multiple Denial of; Service vulnerabilities.

Beschreibung: Summary:
This host has Pidgin installed and is prone to multiple Denial of
Service vulnerabilities.

Vulnerability Insight:
- An error in libpurple/protocols/irc/msgs.c in the IRC protocol plugin in
libpurple can trigger a NULL-pointer dereference when processing TOPIC
messages which lack a topic string.

- An error in the 'msn_slp_sip_recv' function in libpurple/protocols/msn/slp.c
in the MSN protocol can trigger a NULL-pointer dereference via an SLP invite
message missing expected fields.

- An error in the 'msn_slp_process_msg' function in libpurple/protocols/msn/
slpcall.c in the MSN protocol when converting the encoding of a handwritten
message can be exploited by improper utilisation of uninitialised variables.

- An error in the XMPP protocol plugin in libpurple is fails to handle an
error IQ stanza during an attempted fetch of a custom smiley is processed
via XHTML-IM content with cid: images.

Vulnerability Impact:
Attackers can exploit this issue to execute arbitrary code, corrupt memory
and cause the application to crash.

Affected Software/OS:
Pidgin version prior to 2.6.2 on Linux.

Solution:
Upgrade to Pidgin version 2.6.2.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: BugTraq ID: 36277
Common Vulnerability Exposure (CVE) ID: CVE-2009-2703
http://www.securityfocus.com/bid/36277
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435
http://secunia.com/advisories/36601
Common Vulnerability Exposure (CVE) ID: CVE-2009-3083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322
Common Vulnerability Exposure (CVE) ID: CVE-2009-3084
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338
Common Vulnerability Exposure (CVE) ID: CVE-2009-3085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434

Copyright Copyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.900941
Kategorie:	Denial of Service
Titel:	Pidgin Multiple Denial Of Service Vulnerabilities (Linux)
Zusammenfassung:	This host has Pidgin installed and is prone to multiple Denial of; Service vulnerabilities.
Beschreibung:	Summary: This host has Pidgin installed and is prone to multiple Denial of Service vulnerabilities. Vulnerability Insight: - An error in libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple can trigger a NULL-pointer dereference when processing TOPIC messages which lack a topic string. - An error in the 'msn_slp_sip_recv' function in libpurple/protocols/msn/slp.c in the MSN protocol can trigger a NULL-pointer dereference via an SLP invite message missing expected fields. - An error in the 'msn_slp_process_msg' function in libpurple/protocols/msn/ slpcall.c in the MSN protocol when converting the encoding of a handwritten message can be exploited by improper utilisation of uninitialised variables. - An error in the XMPP protocol plugin in libpurple is fails to handle an error IQ stanza during an attempted fetch of a custom smiley is processed via XHTML-IM content with cid: images. Vulnerability Impact: Attackers can exploit this issue to execute arbitrary code, corrupt memory and cause the application to crash. Affected Software/OS: Pidgin version prior to 2.6.2 on Linux. Solution: Upgrade to Pidgin version 2.6.2. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	BugTraq ID: 36277 Common Vulnerability Exposure (CVE) ID: CVE-2009-2703 http://www.securityfocus.com/bid/36277 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6435 http://secunia.com/advisories/36601 Common Vulnerability Exposure (CVE) ID: CVE-2009-3083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11852 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6322 Common Vulnerability Exposure (CVE) ID: CVE-2009-3084 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6338 Common Vulnerability Exposure (CVE) ID: CVE-2009-3085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434
Copyright	Copyright (C) 2009 Greenbone Networks GmbH