ID CVE-2009-3615
Type cve
Reporter cve@mitre.org
Modified 2017-09-19T01:29:00
Description
The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.
{"openvas": [{"lastseen": "2019-05-29T18:40:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "description": "This host has Pidgin installed and is prone to Denial of Service\n vulnerability.", "modified": "2018-12-05T00:00:00", "published": "2009-10-23T00:00:00", "id": "OPENVAS:1361412562310801031", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801031", "type": "openvas", "title": "Pidgin Oscar Protocol Denial of Service Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_pidgin_oscar_dos_vuln_oct09_lin.nasl 12670 2018-12-05 14:14:20Z cfischer $\n#\n# Pidgin Oscar Protocol Denial of Service Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:pidgin:pidgin';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801031\");\n script_version(\"$Revision: 12670 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-05 15:14:20 +0100 (Wed, 05 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-23 16:18:41 +0200 (Fri, 23 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-3615\");\n script_bugtraq_id(36719);\n script_name(\"Pidgin Oscar Protocol Denial of Service Vulnerability (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/37072\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/53807\");\n script_xref(name:\"URL\", value:\"http://www.pidgin.im/news/security/?id=41\");\n script_xref(name:\"URL\", value:\"http://developer.pidgin.im/wiki/ChangeLog\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_pidgin_detect_lin.nasl\");\n script_mandatory_keys(\"Pidgin/Lin/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause a Denial of Service.\");\n\n script_tag(name:\"affected\", value:\"Pidgin version prior to 2.6.3 on Linux.\");\n\n script_tag(name:\"insight\", value:\"This issue is caused by an error in the Oscar protocol plugin when processing\n malformed ICQ or AIM contacts sent by the SIM IM client, which could cause an\n invalid memory access leading to a crash.\");\n\n 
script_tag(name:\"summary\", value:\"This host has Pidgin installed and is prone to Denial of Service\n vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Pidgin version 2.6.3.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!ver = get_app_version(cpe:CPE)) exit(0);\n\nif(version_is_less(version:ver, test_version:\"2.6.3\")){\n report = report_fixed_ver(installed_version:ver, fixed_version:\"2.6.3\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-04-06T11:37:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 1932-1.", "modified": "2018-04-06T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:136141256231066212", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066212", "type": "openvas", "title": "Debian Security Advisory DSA 1932-1 (pidgin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1932_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1932-1 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that incorrect pointer handling in the purple library,\nan internal component of the multi-protocol instant messaging client\nPidgin, could lead to denial of service or the execution of arbitrary\ncode through malformed contact requests.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny5.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.3-1.\n\nWe recommend that you upgrade your pidgin package.\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory DSA 1932-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201932-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66212\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3615\");\n script_tag(name:\"cvss_base\", 
value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 1932-1 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny5\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not 
vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "description": "The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1536.", "modified": "2018-04-06T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:136141256231066171", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066171", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1536 (pidgin)", "sourceData": "#CESA-2009:1536 66171 4\n# $Id: ovcesa2009_1536.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1536 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1536\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1536\nhttps://rhn.redhat.com/errata/RHSA-2009-1536.html\";\ntag_summary = \"The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1536.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66171\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3615\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1536 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", 
rpm:\"libpurple~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880697", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880697", "type": "openvas", "title": "CentOS Update for finch CESA-2009:1536 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2009:1536 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.880697\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1536\");\n script_cve_id(\"CVE-2009-3615\");\n script_name(\"CentOS Update for finch CESA-2009:1536 centos5 i386\");\n\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016266.html\");\n script_xref(name:\"URL\", value:\"http://developer.pidgin.im/wiki/ChangeLog\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'finch'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"finch on CentOS 5\");\n script_tag(name:\"insight\", value:\"Pidgin is an instant messaging program which can log in to multiple\n accounts on 
multiple instant messaging networks simultaneously. The AOL\n Open System for Communication in Realtime (OSCAR) protocol is used by the\n AOL ICQ and AIM instant messaging systems.\n\n An invalid pointer dereference bug was found in the way the Pidgin OSCAR\n protocol implementation processed lists of contacts. A remote attacker\n could send a specially-crafted contact list to a user running Pidgin,\n causing Pidgin to crash. (CVE-2009-3615)\n\n These packages upgrade Pidgin to version 2.6.3. Refer to the linked Pidgin release\n notes for a full list of changes.\n\n All Pidgin users should upgrade to these updated packages, which correct\n this issue. Pidgin must be restarted for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880745", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880745", "type": "openvas", "title": "CentOS Update for finch CESA-2009:1536 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2009:1536 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.880745\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2009:1536\");\n script_cve_id(\"CVE-2009-3615\");\n script_name(\"CentOS Update for finch CESA-2009:1536 centos4 i386\");\n\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-October/016292.html\");\n script_xref(name:\"URL\", value:\"http://developer.pidgin.im/wiki/ChangeLog\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'finch'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"finch on CentOS 4\");\n script_tag(name:\"insight\", value:\"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously. 
The AOL\n Open System for Communication in Realtime (OSCAR) protocol is used by the\n AOL ICQ and AIM instant messaging systems.\n\n An invalid pointer dereference bug was found in the way the Pidgin OSCAR\n protocol implementation processed lists of contacts. A remote attacker\n could send a specially-crafted contact list to a user running Pidgin,\n causing Pidgin to crash. (CVE-2009-3615)\n\n These packages upgrade Pidgin to version 2.6.3. Refer to the linked Pidgin release\n notes for a full list of changes.\n\n All Pidgin users should upgrade to these updated packages, which correct\n this issue. Pidgin must be restarted for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "description": "Check for the Version of finch", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880745", "href": "http://plugins.openvas.org/nasl.php?oid=880745", "type": "openvas", "title": "CentOS Update for finch CESA-2009:1536 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2009:1536 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously. The AOL\n Open System for Communication in Realtime (OSCAR) protocol is used by the\n AOL ICQ and AIM instant messaging systems.\n\n An invalid pointer dereference bug was found in the way the Pidgin OSCAR\n protocol implementation processed lists of contacts. A remote attacker\n could send a specially-crafted contact list to a user running Pidgin,\n causing Pidgin to crash. (CVE-2009-3615)\n \n These packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin release\n notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n \n All Pidgin users should upgrade to these updated packages, which correct\n this issue. 
Pidgin must be restarted for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"finch on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016292.html\");\n script_id(880745);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1536\");\n script_cve_id(\"CVE-2009-3615\");\n script_name(\"CentOS Update for finch CESA-2009:1536 centos4 i386\");\n\n script_summary(\"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", 
rpm:\"libpurple~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-290-02.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:66060", "href": "http://plugins.openvas.org/nasl.php?oid=66060", "type": "openvas", "title": "Slackware Advisory SSA:2009-290-02 pidgin ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_290_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-290-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-290-02\";\n \nif(description)\n{\n script_id(66060);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-3615\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2009-290-02 pidgin \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.6.3-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.6.3-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.6.3-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.6.3-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:49:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "description": "Check for the Version of Instant Messaging", "modified": "2017-12-14T00:00:00", "published": "2010-02-03T00:00:00", "id": "OPENVAS:855851", "href": "http://plugins.openvas.org/nasl.php?oid=855851", "type": "openvas", "title": "Solaris Update for Instant Messaging 143318-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for Instant Messaging 143318-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU 
General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"Instant Messaging on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n Instant Messaging\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855851);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"SUNSolve\", value: \"143318-01\");\n script_cve_id(\"CVE-2009-3615\");\n script_name(\"Solaris Update for Instant Messaging 143318-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-143318-01-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of Instant Messaging\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"143318-01\", package:\"SUNWgnome-im-client\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "description": "This host has Pidgin installed and is prone to Denial of Service\n vulnerability.", "modified": "2016-12-29T00:00:00", "published": "2009-10-23T00:00:00", "id": "OPENVAS:801030", "href": "http://plugins.openvas.org/nasl.php?oid=801030", "type": "openvas", "title": "Pidgin Oscar Protocol Denial of Service Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_pidgin_oscar_dos_vuln_oct09_win.nasl 4869 2016-12-29 11:01:45Z teissa $\n#\n# Pidgin Oscar Protocol Denial of Service Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attacker to cause a Denial of Service.\n Impact Level: Application\";\ntag_affected = \"Pidgin version prior to 2.6.3 on Windows.\";\ntag_insight = \"This issue is caused by an error in the Oscar protocol plugin when processing\n malformed ICQ or AIM contacts sent by the SIM IM client, which could cause an\n invalid memory access leading to a crash.\";\ntag_solution = \"Upgrade to Pidgin version 2.6.3\n http://pidgin.im/download\";\ntag_summary = \"This host has Pidgin installed and is prone to Denial of Service\n vulnerability.\";\n\nif(description)\n{\n script_id(801030);\n script_version(\"$Revision: 4869 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-29 12:01:45 +0100 (Thu, 29 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-23 16:18:41 +0200 (Fri, 23 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-3615\");\n script_bugtraq_id(36719);\n script_name(\"Pidgin Oscar Protocol Denial of Service Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/37072\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/53807\");\n script_xref(name : \"URL\" , value : \"http://www.pidgin.im/news/security/?id=41\");\n script_xref(name : \"URL\" , value : \"http://developer.pidgin.im/wiki/ChangeLog\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n 
script_dependencies(\"secpod_pidgin_detect_win.nasl\");\n script_require_keys(\"Pidgin/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\npidginVer = get_kb_item(\"Pidgin/Win/Ver\");\nif(pidginVer != NULL)\n{\n if(version_is_less(version:pidginVer, test_version:\"2.6.3\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "description": "The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1536.", "modified": "2017-07-10T00:00:00", "published": "2009-11-11T00:00:00", "id": "OPENVAS:66171", "href": "http://plugins.openvas.org/nasl.php?oid=66171", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1536 (pidgin)", "sourceData": "#CESA-2009:1536 66171 4\n# $Id: ovcesa2009_1536.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1536 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1536\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1536\nhttps://rhn.redhat.com/errata/RHSA-2009-1536.html\";\ntag_summary = \"The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1536.\";\n\n\n\nif(description)\n{\n script_id(66171);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)\");\n script_cve_id(\"CVE-2009-3615\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1536 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.3~2.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", 
rpm:\"libpurple~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.3~2.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:33:53", "description": "Bugtraq ID: 36719\r\nCVE ID: CVE-2009-3615\r\n\r\nPidgin is a multi-protocol instant messaging client.\r\nThe Pidgin OSCAR protocol plugin mishandles specially crafted messages (such as ICQ messages), which can cause an invalid memory access and crash the application.\r\nNo detailed vulnerability information is currently available.\n\nPidgin Pidgin 2.6.1\r\nPidgin Pidgin 2.6\r\nPidgin Pidgin 2.5.9\r\nPidgin Pidgin 2.5.8\r\nPidgin Pidgin 2.5.7\r\nPidgin Pidgin 2.5.6\r\nPidgin Pidgin 2.5.6\r\nPidgin Pidgin 2.5.5\r\nPidgin Pidgin 2.4.3\r\nPidgin Pidgin 2.4.3\r\nPidgin Pidgin 2.4.2\r\nPidgin Pidgin 2.4.1\r\nPidgin Pidgin 2.4\r\nPidgin Pidgin 2.2.2\r\nPidgin Pidgin 2.2.1\r\nPidgin Pidgin 2.2\r\nPidgin Pidgin 2.1\r\nPidgin Pidgin
2.0.2\r\nPidgin Pidgin 2.0\nUsers can contact the vendor to obtain the latest version of the program:\r\nPidgin Pidgin 2.0\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.0.2\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.1\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.2\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.2.1\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.2.2\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.4\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.4.1\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.4.2\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.4.3\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.4.3\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.5.5\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.5.6\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.5.6\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.5.7\r\nPidgin
pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.5.8\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.5.9\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.6\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2\r\nPidgin Pidgin 2.6.1\r\nPidgin pidgin-2.6.3.tar.bz2\r\nhttp://sourceforge.net/projects/pidgin/files/Pidgin/pidgin-2.6.3.tar.bz2", "published": "2009-10-20T00:00:00", "title": "Pidgin OSCAR Plugin Invalid Memory Access Denial of Service Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3615"], "modified": "2009-10-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12493", "id": "SSV:12493", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:31:09", "description": "No description provided by source.", "published": "2009-11-10T00:00:00", "type": "seebug", "title": "New pidgin packages fix arbitrary code execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3615"], "modified": "2009-11-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12604", "id": "SSV:12604", "sourceData": "\n -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1932-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nNovember 08, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : pidgin\r\nVulnerability : programming error\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2009-3615\r\n\r\nIt was discovered
that incorrect pointer handling in the purple library,\r\nan internal component of the multi-protocol instant messaging client\r\nPidgin, could lead to denial of service or the execution of arbitrary\r\ncode through malformed contact requests.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 2.4.3-4lenny5.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.6.3-1.\r\n\r\nWe recommend that you upgrade your pidgin package.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\n
These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkr3H+8ACgkQXm3vHE4uylrUwACgsh7B5PDcw5KrfeM5wD6STeWz\r\nHUoAoI7/R7a9a15eXVKylm3lG8syhpBV\r\n=ClyS\r\n-----END PGP SIGNATURE-----\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12604", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:33:24", "description": "CVE ID: CVE-2009-3615\r\n\r\nAdium is a multi-protocol instant messaging client for Mac OS X.\r\nAdium contains an error in handling some OSCAR protocol messages; a remote attacker can exploit the vulnerability to cause a denial of service against the application.\r\nA specially crafted ICQ message can trigger this vulnerability.\n\nAdium 1.x\nVendor solution\r\nUsers can contact the vendor to upgrade to Adium 1.3.7:\r\nhttp://www.adium.im/?download=10.4", "published": "2009-10-20T00:00:00", "title": "Adium ICQ Message Denial of Service Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3615"], "modified": "2009-10-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12496", "id": "SSV:12496", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "debian": [{"lastseen": "2020-11-11T13:28:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3615"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1932-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 08, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pidgin\nVulnerability : programming error\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-3615\n\nIt was discovered that incorrect pointer handling in the purple library,\nan internal component of the multi-protocol instant messaging client\nPidgin, could lead to denial of service or the execution of arbitrary\ncode through malformed contact requests.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny5.\n\nFor the unstable distribution (sid), this problem has been fixed
in\nversion 2.6.3-1.\n\nWe recommend that you upgrade your pidgin package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-11-08T19:48:09", "published": "2009-11-08T19:48:09", "id": "DEBIAN:DSA-1932-1:72045", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00255.html", "title": "[SECURITY] [DSA 1932-1] New pidgin packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:19:02", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3615"], "description": "Gerfried Fuchs uploaded new packages for pidgin which fixed the\nfollowing security problem:\n\nCVE-2009-3615\n\n The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and\n Adium before 1.3.7 allows remote attackers to cause a denial of\n service (application crash) via crafted contact-list data for\n (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.\n\nFor the lenny-backports distribution the problem has been fixed in\nversion 2.6.3-1~bpo50+1.\n\nFor the squeeze and sid distributions the problem has been fixed in\nversion 2.6.3-1.\n\n\nUpgrade
instructions\n--------------------\n\nIf you don't use pinning (see [1]) you have to update the packages\nmanually via "apt-get -t lenny-backports install <packagelist>" with the\npackagelist of your installed packages affected by this update.\n[1] <http://backports.org/dokuwiki/doku.php?id=instructions>\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\n Package: *\n Pin: release a=lenny-backports\n Pin-Priority: 200\n", "edition": 3, "modified": "2009-10-29T23:13:57", "published": "2009-10-29T23:13:57", "id": "DEBIAN:D852A94066010439EB29AE0FCCDAD42A:6D20F", "href": "https://lists.debian.org/debian-backports-announce/2009/debian-backports-announce-200910/msg00001.html", "title": "[Backports-security-announce] Security Update for pidgin", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:45", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3615"], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously. The AOL\nOpen System for Communication in Realtime (OSCAR) protocol is used by the\nAOL ICQ and AIM instant messaging systems.\n\nAn invalid pointer dereference bug was found in the way the Pidgin OSCAR\nprotocol implementation processed lists of contacts. A remote attacker\ncould send a specially-crafted contact list to a user running Pidgin,\ncausing Pidgin to crash. (CVE-2009-3615)\n\nThese packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which correct\nthis issue. 
Pidgin must be restarted for this update to take effect.", "modified": "2017-09-08T11:50:54", "published": "2009-10-29T04:00:00", "id": "RHSA-2009:1536", "href": "https://access.redhat.com/errata/RHSA-2009:1536", "type": "redhat", "title": "(RHSA-2009:1536) Moderate: pidgin security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T14:35:07", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2703", "CVE-2009-3083", "CVE-2009-3615"], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn invalid pointer dereference bug was found in the way the Pidgin OSCAR\nprotocol implementation processed lists of contacts. A remote attacker\ncould send a specially-crafted contact list to a user running Pidgin,\ncausing Pidgin to crash. (CVE-2009-3615)\n\nA NULL pointer dereference flaw was found in the way the Pidgin IRC\nprotocol plug-in handles IRC topics. A malicious IRC server could send a\nspecially-crafted IRC TOPIC message, which once received by Pidgin, would\nlead to a denial of service (Pidgin crash). (CVE-2009-2703)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in handles improper MSNSLP invitations. A remote attacker\ncould send a specially-crafted MSNSLP invitation request, which once\naccepted by a valid Pidgin user, would lead to a denial of service (Pidgin\ncrash). (CVE-2009-3083)\n\nAll Pidgin users should upgrade to this updated package, which contains\nbackported patches to resolve these issues. 
Pidgin must be restarted for\nthis update to take effect.", "modified": "2018-05-26T04:26:18", "published": "2009-10-29T04:00:00", "id": "RHSA-2009:1535", "href": "https://access.redhat.com/errata/RHSA-2009:1535", "type": "redhat", "title": "(RHSA-2009:1535) Moderate: pidgin security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3615"], "description": "Crash on OSCAR protocol contact list parsing (ICQ and AIM).", "edition": 1, "modified": "2009-11-09T00:00:00", "published": "2009-11-09T00:00:00", "id": "SECURITYVULNS:VULN:10386", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10386", "title": "Pidgin DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3615"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1932-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nNovember 08, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : pidgin\r\nVulnerability : programming error\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2009-3615\r\n\r\nIt was discovered that incorrect pointer handling in the purple library,\r\nan internal component of the multi-protocol instant messaging client\r\nPidgin, could lead to denial of service or the execution of arbitrary\r\ncode through malformed contact requests.\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 2.4.3-4lenny5.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.6.3-1.\r\n\r\nWe recommend that you 
upgrade your pidgin package.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc,\r\ns390 and sparc.\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkr3H+8ACgkQXm3vHE4uylrUwACgsh7B5PDcw5KrfeM5wD6STeWz\r\nHUoAoI7/R7a9a15eXVKylm3lG8syhpBV\r\n=ClyS\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-11-09T00:00:00", "published": "2009-11-09T00:00:00", "id": "SECURITYVULNS:DOC:22761", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22761", "title": "[SECURITY] [DSA 1932-1] New pidgin packages fix arbitrary code execution", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-06T09:45:45", "description": "It was discovered that incorrect pointer handling in the purple\nlibrary, an internal component of the multi-protocol instant messaging\nclient
Pidgin, could lead to denial of service or the execution of\narbitrary code through malformed contact requests.", "edition": 26, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1932-1 : pidgin - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:pidgin"], "id": "DEBIAN_DSA-1932.NASL", "href": "https://www.tenable.com/plugins/nessus/44797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1932. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44797);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3615\");\n script_xref(name:\"DSA\", value:\"1932\");\n\n script_name(english:\"Debian DSA-1932-1 : pidgin - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that incorrect pointer handling in the purple\nlibrary, an internal component of the multi-protocol instant messaging\nclient Pidgin, could lead to denial of service or the execution of\narbitrary code through malformed contact requests.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1932\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pidgin package.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny5.\"\n 
);\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"finch\", reference:\"2.4.3-4lenny5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"finch-dev\", reference:\"2.4.3-4lenny5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpurple-bin\", reference:\"2.4.3-4lenny5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpurple-dev\", reference:\"2.4.3-4lenny5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpurple0\", reference:\"2.4.3-4lenny5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin\", reference:\"2.4.3-4lenny5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin-data\", reference:\"2.4.3-4lenny5\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin-dbg\", reference:\"2.4.3-4lenny5\")) flag++;\nif 
(deb_check(release:\"5.0\", prefix:\"pidgin-dev\", reference:\"2.4.3-4lenny5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:44:46", "description": "From Red Hat Security Advisory 2009:1536 :\n\nUpdated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously. The\nAOL Open System for Communication in Realtime (OSCAR) protocol is used\nby the AOL ICQ and AIM instant messaging systems.\n\nAn invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nThese packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\ncorrect this issue. 
Pidgin must be restarted for this update to take\neffect.", "edition": 23, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : pidgin (ELSA-2009-1536)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:pidgin", "p-cpe:/a:oracle:linux:libpurple-devel", "p-cpe:/a:oracle:linux:finch", "p-cpe:/a:oracle:linux:pidgin-perl", "p-cpe:/a:oracle:linux:libpurple", "p-cpe:/a:oracle:linux:libpurple-tcl", "p-cpe:/a:oracle:linux:finch-devel", "p-cpe:/a:oracle:linux:libpurple-perl", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:pidgin-devel"], "id": "ORACLELINUX_ELSA-2009-1536.NASL", "href": "https://www.tenable.com/plugins/nessus/67951", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1536 and \n# Oracle Linux Security Advisory ELSA-2009-1536 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67951);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3615\");\n script_xref(name:\"RHSA\", value:\"2009:1536\");\n\n script_name(english:\"Oracle Linux 4 : pidgin (ELSA-2009-1536)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1536 :\n\nUpdated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to 
multiple\naccounts on multiple instant messaging networks simultaneously. The\nAOL Open System for Communication in Realtime (OSCAR) protocol is used\nby the AOL ICQ and AIM instant messaging systems.\n\nAn invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nThese packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\ncorrect this issue. Pidgin must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-October/001228.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-perl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"finch-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"finch-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-perl-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-tcl-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-perl-2.6.3-2.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T09:10:32", "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, and -current to fix a security issue.", "edition": 23, "published": "2009-10-19T00:00:00", "title": "Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2009-290-02)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "modified": "2009-10-19T00:00:00", "cpe": 
["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:pidgin", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2009-290-02.NASL", "href": "https://www.tenable.com/plugins/nessus/42169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-290-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42169);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3615\");\n script_xref(name:\"SSA\", value:\"2009-290-02\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2009-290-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New pidgin packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.439800\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?760cacb5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:pidgin\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"pidgin\", pkgver:\"2.6.3\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"pidgin\", pkgver:\"2.6.3\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"pidgin\", pkgver:\"2.6.3\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif 
(slackware_check(osver:\"13.0\", pkgname:\"pidgin\", pkgver:\"2.6.3\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.6.3\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"pidgin\", pkgver:\"2.6.3\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.6.3\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:25:59", "description": "Updated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously. The\nAOL Open System for Communication in Realtime (OSCAR) protocol is used\nby the AOL ICQ and AIM instant messaging systems.\n\nAn invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nThese packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\ncorrect this issue. 
Pidgin must be restarted for this update to take\neffect.", "edition": 25, "published": "2009-11-02T00:00:00", "title": "CentOS 4 / 5 : pidgin (CESA-2009:1536)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "modified": "2009-11-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libpurple-tcl", "p-cpe:/a:centos:centos:pidgin-perl", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:finch-devel", "p-cpe:/a:centos:centos:libpurple-devel", "p-cpe:/a:centos:centos:libpurple", "p-cpe:/a:centos:centos:pidgin", "p-cpe:/a:centos:centos:finch", "p-cpe:/a:centos:centos:pidgin-devel", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:libpurple-perl"], "id": "CENTOS_RHSA-2009-1536.NASL", "href": "https://www.tenable.com/plugins/nessus/42330", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1536 and \n# CentOS Errata and Security Advisory 2009:1536 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42330);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3615\");\n script_xref(name:\"RHSA\", value:\"2009:1536\");\n\n script_name(english:\"CentOS 4 / 5 : pidgin (CESA-2009:1536)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on 
multiple instant messaging networks simultaneously. The\nAOL Open System for Communication in Realtime (OSCAR) protocol is used\nby the AOL ICQ and AIM instant messaging systems.\n\nAn invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nThese packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\ncorrect this issue. Pidgin must be restarted for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016266.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?900ada57\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016267.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c7abd35\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016292.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb628ad0\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016293.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fba5cb60\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"finch-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"finch-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"finch-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"finch-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-perl-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"pidgin-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", 
reference:\"pidgin-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-perl-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.3-2.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-devel-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-devel-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-perl-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-tcl-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-devel-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-perl-2.6.3-2.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:07:08", "description": "Updated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously. 
The\nAOL Open System for Communication in Realtime (OSCAR) protocol is used\nby the AOL ICQ and AIM instant messaging systems.\n\nAn invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nThese packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\ncorrect this issue. Pidgin must be restarted for this update to take\neffect.", "edition": 26, "published": "2009-10-30T00:00:00", "title": "RHEL 4 / 5 : pidgin (RHSA-2009:1536)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615"], "modified": "2009-10-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:pidgin-perl", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:libpurple", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:libpurple-perl", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:pidgin-devel", "p-cpe:/a:redhat:enterprise_linux:pidgin", "p-cpe:/a:redhat:enterprise_linux:finch-devel", "p-cpe:/a:redhat:enterprise_linux:libpurple-devel", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:finch", "p-cpe:/a:redhat:enterprise_linux:libpurple-tcl"], "id": "REDHAT-RHSA-2009-1536.NASL", "href": "https://www.tenable.com/plugins/nessus/42313", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1536. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42313);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3615\");\n script_xref(name:\"RHSA\", value:\"2009:1536\");\n\n script_name(english:\"RHEL 4 / 5 : pidgin (RHSA-2009:1536)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously. The\nAOL Open System for Communication in Realtime (OSCAR) protocol is used\nby the AOL ICQ and AIM instant messaging systems.\n\nAn invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nThese packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\ncorrect this issue. 
Pidgin must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1536\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/29\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1536\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-devel-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-devel-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-devel-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-perl-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.3-2.el4\")) 
flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-devel-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-devel-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-perl-2.6.3-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.3-2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-devel-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-devel-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-devel-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-perl-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-2.6.3-2.el5\")) 
flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-devel-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-devel-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-perl-2.6.3-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.3-2.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:53", "description": "This update fixes :\n\n - Bug #529357 - CVE-2009-3615 Pidgin: Invalid pointer\n dereference (crash) after receiving contacts from SIM IM\n client\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-10-22T00:00:00", "title": "Fedora 10 : pidgin-2.6.3-2.fc10 (2009-10702)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615", "CVE-2009-2694"], "modified": "2009-10-22T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:pidgin"], "id": "FEDORA_2009-10702.NASL", "href": "https://www.tenable.com/plugins/nessus/42195", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-10702.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42195);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2694\", \"CVE-2009-3615\");\n script_bugtraq_id(36071, 36277);\n script_xref(name:\"FEDORA\", value:\"2009-10702\");\n\n script_name(english:\"Fedora 10 : pidgin-2.6.3-2.fc10 (2009-10702)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes :\n\n - Bug #529357 - CVE-2009-3615 Pidgin: Invalid pointer\n dereference (crash) after receiving contacts from SIM IM\n client\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529357\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030234.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47526cf6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"pidgin-2.6.3-2.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:52", "description": "This update fixes :\n\n - Bug #529357 - CVE-2009-3615 Pidgin: Invalid pointer\n dereference (crash) after receiving contacts from SIM IM\n client\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-10-22T00:00:00", "title": "Fedora 11 : pidgin-2.6.3-2.fc11 (2009-10662)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3615", "CVE-2009-2694"], "modified": "2009-10-22T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:11", "p-cpe:/a:fedoraproject:fedora:pidgin"], "id": "FEDORA_2009-10662.NASL", "href": "https://www.tenable.com/plugins/nessus/42193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-10662.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42193);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-2694\", \"CVE-2009-3615\");\n script_bugtraq_id(36071, 36277);\n script_xref(name:\"FEDORA\", value:\"2009-10662\");\n\n script_name(english:\"Fedora 11 : pidgin-2.6.3-2.fc11 (2009-10662)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes :\n\n - Bug #529357 - CVE-2009-3615 Pidgin: Invalid pointer\n dereference (crash) after receiving contacts from SIM IM\n client\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=529357\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030208.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4829d332\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"pidgin-2.6.3-2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:08", "description": "An updated pidgin package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn invalid pointer dereference bug 
was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nA NULL pointer dereference flaw was found in the way the Pidgin IRC\nprotocol plug-in handles IRC topics. A malicious IRC server could send\na specially crafted IRC TOPIC message, which once received by Pidgin,\nwould lead to a denial of service (Pidgin crash). (CVE-2009-2703)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in handles improper MSNSLP invitations. A remote\nattacker could send a specially crafted MSNSLP invitation request,\nwhich once accepted by a valid Pidgin user, would lead to a denial of\nservice (Pidgin crash). (CVE-2009-3083)\n\nAll Pidgin users should upgrade to this updated package, which\ncontains backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "edition": 26, "published": "2009-10-30T00:00:00", "title": "RHEL 3 : pidgin (RHSA-2009:1535)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3083", "CVE-2009-2703", "CVE-2009-3615"], "modified": "2009-10-30T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:pidgin"], "id": "REDHAT-RHSA-2009-1535.NASL", "href": "https://www.tenable.com/plugins/nessus/42312", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1535. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42312);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2703\", \"CVE-2009-3083\", \"CVE-2009-3615\");\n script_bugtraq_id(36277);\n script_xref(name:\"RHSA\", value:\"2009:1535\");\n\n script_name(english:\"RHEL 3 : pidgin (RHSA-2009:1535)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated pidgin package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nA NULL pointer dereference flaw was found in the way the Pidgin IRC\nprotocol plug-in handles IRC topics. A malicious IRC server could send\na specially crafted IRC TOPIC message, which once received by Pidgin,\nwould lead to a denial of service (Pidgin crash). (CVE-2009-2703)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in handles improper MSNSLP invitations. A remote\nattacker could send a specially crafted MSNSLP invitation request,\nwhich once accepted by a valid Pidgin user, would lead to a denial of\nservice (Pidgin crash). 
(CVE-2009-3083)\n\nAll Pidgin users should upgrade to this updated package, which\ncontains backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1535\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1535\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"pidgin-1.5.1-6.el3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:44:34", "description": "An invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nA NULL pointer dereference flaw was found in the way the Pidgin IRC\nprotocol plug-in handles IRC topics. A malicious IRC server could send\na specially crafted IRC TOPIC message, which once received by Pidgin,\nwould lead to a denial of service (Pidgin crash). (CVE-2009-2703) -\nSL3 only\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in handles improper MSNSLP invitations. A remote\nattacker could send a specially crafted MSNSLP invitation request,\nwhich once accepted by a valid Pidgin user, would lead to a denial of\nservice (Pidgin crash). 
(CVE-2009-3083) - SL3 only\n\nPidgin must be restarted for this update to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : pidgin on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3083", "CVE-2009-2703", "CVE-2009-3615"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20091029_PIDGIN_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60686", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60686);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2703\", \"CVE-2009-3083\", \"CVE-2009-3615\");\n\n script_name(english:\"Scientific Linux Security Update : pidgin on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nA NULL pointer dereference flaw was found in the way the Pidgin IRC\nprotocol plug-in handles IRC topics. A malicious IRC server could send\na specially crafted IRC TOPIC message, which once received by Pidgin,\nwould lead to a denial of service (Pidgin crash). 
(CVE-2009-2703) -\nSL3 only\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in handles improper MSNSLP invitations. A remote\nattacker could send a specially crafted MSNSLP invitation request,\nwhich once accepted by a valid Pidgin user, would lead to a denial of\nservice (Pidgin crash). (CVE-2009-3083) - SL3 only\n\nPidgin must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0911&L=scientific-linux-errata&T=0&P=79\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a200d3a9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"pidgin-1.5.1-6.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"finch-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"finch-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-perl-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-tcl-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-devel-2.6.3-2.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-perl-2.6.3-2.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"finch-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"finch-devel-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", 
reference:\"libpurple-devel-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-perl-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-tcl-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-devel-2.6.3-2.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-perl-2.6.3-2.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:44:46", "description": "From Red Hat Security Advisory 2009:1535 :\n\nAn updated pidgin package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nA NULL pointer dereference flaw was found in the way the Pidgin IRC\nprotocol plug-in handles IRC topics. A malicious IRC server could send\na specially crafted IRC TOPIC message, which once received by Pidgin,\nwould lead to a denial of service (Pidgin crash). (CVE-2009-2703)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in handles improper MSNSLP invitations. A remote\nattacker could send a specially crafted MSNSLP invitation request,\nwhich once accepted by a valid Pidgin user, would lead to a denial of\nservice (Pidgin crash). 
(CVE-2009-3083)\n\nAll Pidgin users should upgrade to this updated package, which\ncontains backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 : pidgin (ELSA-2009-1535)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3083", "CVE-2009-2703", "CVE-2009-3615"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:pidgin", "cpe:/o:oracle:linux:3"], "id": "ORACLELINUX_ELSA-2009-1535.NASL", "href": "https://www.tenable.com/plugins/nessus/67950", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1535 and \n# Oracle Linux Security Advisory ELSA-2009-1535 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67950);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2703\", \"CVE-2009-3083\", \"CVE-2009-3615\");\n script_bugtraq_id(36277);\n script_xref(name:\"RHSA\", value:\"2009:1535\");\n\n script_name(english:\"Oracle Linux 3 : pidgin (ELSA-2009-1535)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1535 :\n\nAn updated pidgin package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks 
simultaneously.\n\nAn invalid pointer dereference bug was found in the way the Pidgin\nOSCAR protocol implementation processed lists of contacts. A remote\nattacker could send a specially crafted contact list to a user running\nPidgin, causing Pidgin to crash. (CVE-2009-3615)\n\nA NULL pointer dereference flaw was found in the way the Pidgin IRC\nprotocol plug-in handles IRC topics. A malicious IRC server could send\na specially crafted IRC TOPIC message, which once received by Pidgin,\nwould lead to a denial of service (Pidgin crash). (CVE-2009-2703)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in handles improper MSNSLP invitations. A remote\nattacker could send a specially crafted MSNSLP invitation request,\nwhich once accepted by a valid Pidgin user, would lead to a denial of\nservice (Pidgin crash). (CVE-2009-3083)\n\nAll Pidgin users should upgrade to this updated package, which\ncontains backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-October/001226.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/09/08\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"pidgin-1.5.1-6.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"pidgin-1.5.1-6.el3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:29", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3615"], "description": "[2.6.3-2]\n- Upstream backport:\n 3abad7606f4a2dfd1903df796f33924b12509a56 msn_servconn_disconnect-crash\n[2.6.3-1]\n- 2.6.3 CVE-2009-3615 ", "edition": 4, "modified": "2009-10-29T00:00:00", "published": "2009-10-29T00:00:00", "id": "ELSA-2009-1536", "href": "http://linux.oracle.com/errata/ELSA-2009-1536.html", "title": "pidgin security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:23", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3083", "CVE-2009-2703", "CVE-2009-3615"], "description": "[1.5.1-6]\n- CVE-2009-3615\n- CVE-2009-3083\n- CVE-2009-2703 ", "edition": 4, "modified": "2009-10-29T00:00:00", "published": "2009-10-29T00:00:00", "id": "ELSA-2009-1535", "href": "http://linux.oracle.com/errata/ELSA-2009-1535.html", "title": "pidgin security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:36:38", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3615"], "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/pidgin-2.6.3-i486-1_slack13.0.txz:\n This update fixes an issue where a remote user can cause libpurple-based\n clients to crash.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3615\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.6.3-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.6.3-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.6.3-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/pidgin-2.6.3-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/pidgin-2.6.3-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.6.3-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.6.3-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.6.3-i486-1_slack13.0.txz", "modified": "2009-10-17T17:37:55", "published": 
"2009-10-17T17:37:55", "id": "SSA-2009-290-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.439800", "type": "slackware", "title": "pidgin", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:45", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3615"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1536\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously. The AOL\nOpen System for Communication in Realtime (OSCAR) protocol is used by the\nAOL ICQ and AIM instant messaging systems.\n\nAn invalid pointer dereference bug was found in the way the Pidgin OSCAR\nprotocol implementation processed lists of contacts. A remote attacker\ncould send a specially-crafted contact list to a user running Pidgin,\ncausing Pidgin to crash. (CVE-2009-3615)\n\nThese packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which correct\nthis issue. 
Pidgin must be restarted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028304.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028305.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028330.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028331.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1536.html", "edition": 3, "modified": "2009-10-30T21:28:21", "published": "2009-10-30T14:43:58", "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/028304.html", "id": "CESA-2009:1536", "title": "finch, libpurple, pidgin security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-17T03:29:29", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3083", "CVE-2009-2703", "CVE-2009-3615"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1535\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn invalid pointer dereference bug was found in the way the Pidgin OSCAR\nprotocol implementation processed lists of contacts. A remote attacker\ncould send a specially-crafted contact list to a user running Pidgin,\ncausing Pidgin to crash. (CVE-2009-3615)\n\nA NULL pointer dereference flaw was found in the way the Pidgin IRC\nprotocol plug-in handles IRC topics. A malicious IRC server could send a\nspecially-crafted IRC TOPIC message, which once received by Pidgin, would\nlead to a denial of service (Pidgin crash). (CVE-2009-2703)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in handles improper MSNSLP invitations. 
A remote attacker\ncould send a specially-crafted MSNSLP invitation request, which once\naccepted by a valid Pidgin user, would lead to a denial of service (Pidgin\ncrash). (CVE-2009-3083)\n\nAll Pidgin users should upgrade to this updated package, which contains\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028246.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/028247.html\n\n**Affected packages:**\npidgin\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1535.html", "edition": 5, "modified": "2009-10-29T19:15:07", "published": "2009-10-29T19:14:53", "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/028246.html", "id": "CESA-2009:1535", "title": "pidgin security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694", "CVE-2009-2703", "CVE-2009-3083", "CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3615"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. 
", "modified": "2009-10-21T00:56:06", "published": "2009-10-21T00:56:06", "id": "FEDORA:EFAD110F871", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: pidgin-2.6.3-2.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694", "CVE-2009-2703", "CVE-2009-3083", "CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3615"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2009-10-21T00:50:54", "published": "2009-10-21T00:50:54", "id": "FEDORA:9B57D10F88E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: pidgin-2.6.3-2.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694", "CVE-2009-2703", "CVE-2009-3083", "CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3615", "CVE-2010-0013"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. 
Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2010-01-12T20:51:38", "published": "2010-01-12T20:51:38", "id": "FEDORA:BE58011032B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: pidgin-2.6.5-1.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694", "CVE-2009-2703", "CVE-2009-3083", "CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3615", "CVE-2010-0013", "CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2010-02-20T00:09:24", "published": "2010-02-20T00:09:24", "id": "FEDORA:55A0510FB02", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: pidgin-2.6.6-1.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694", "CVE-2009-2703", "CVE-2009-3083", "CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3615", "CVE-2010-0013", "CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423", "CVE-2010-1624"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. 
These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2010-05-24T19:40:10", "published": "2010-05-24T19:40:10", "id": "FEDORA:DCDD0111181", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: pidgin-2.7.0-2.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-08T23:32:00", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3085", "CVE-2009-3083", "CVE-2009-1376", "CVE-2009-3026", "CVE-2010-0013", "CVE-2009-2703", "CVE-2009-3615", "CVE-2008-2955"], "description": "It was discovered that Pidgin did not properly handle certain topic \nmessages in the IRC protocol handler. If a user were tricked into \nconnecting to a malicious IRC server, an attacker could cause Pidgin to \ncrash, leading to a denial of service. This issue only affected Ubuntu 8.04 \nLTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703)\n\nIt was discovered that Pidgin did not properly enforce the \"require \nTLS/SSL\" setting when connecting to certain older Jabber servers. If a \nremote attacker were able to perform a man-in-the-middle attack, this flaw \ncould be exploited to view sensitive information. This issue only affected \nUbuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3026)\n\nIt was discovered that Pidgin did not properly handle certain SLP invite \nmessages in the MSN protocol handler. A remote attacker could send a \nspecially crafted invite message and cause Pidgin to crash, leading to a \ndenial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 \nand Ubuntu 9.04. 
(CVE-2009-3083)\n\nIt was discovered that Pidgin did not properly handle certain errors in the \nXMPP protocol handler. A remote attacker could send a specially crafted \nmessage and cause Pidgin to crash, leading to a denial of service. This \nissue only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3085)\n\nIt was discovered that Pidgin did not properly handle malformed \ncontact-list data in the OSCAR protocol handler. A remote attacker could \nsend specially crafted contact-list data and cause Pidgin to crash, leading \nto a denial of service. (CVE-2009-3615)\n\nIt was discovered that Pidgin did not properly handle custom smiley \nrequests in the MSN protocol handler. A remote attacker could send a \nspecially crafted filename in a custom smiley request and obtain arbitrary \nfiles via directory traversal. This issue only affected Ubuntu 8.10, Ubuntu \n9.04 and Ubuntu 9.10. (CVE-2010-0013)\n\nPidgin for Ubuntu 8.04 LTS was also updated to fix connection issues with \nthe MSN protocol.\n\nUSN-675-1 and USN-781-1 provided updated Pidgin packages to fix multiple \nsecurity vulnerabilities in Ubuntu 8.04 LTS. The security patches to fix \nCVE-2008-2955 and CVE-2009-1376 were incomplete. This update corrects the \nproblem. Original advisory details:\n\nIt was discovered that Pidgin did not properly handle file transfers \ncontaining a long filename and special characters in the MSN protocol \nhandler. A remote attacker could send a specially crafted filename in a \nfile transfer request and cause Pidgin to crash, leading to a denial of \nservice. (CVE-2008-2955)\n\nIt was discovered that Pidgin did not properly handle certain malformed \nmessages in the MSN protocol handler. A remote attacker could send a \nspecially crafted message and possibly execute arbitrary code with user \nprivileges. 
(CVE-2009-1376)", "edition": 5, "modified": "2010-01-18T00:00:00", "published": "2010-01-18T00:00:00", "id": "USN-886-1", "href": "https://ubuntu.com/security/notices/USN-886-1", "title": "Pidgin vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}