6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.2%
According to the versions of the pidgin package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(130684);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/15");
script_cve_id(
"CVE-2016-2365",
"CVE-2016-2366",
"CVE-2016-2367",
"CVE-2016-2369",
"CVE-2016-2370",
"CVE-2016-2371",
"CVE-2016-2372",
"CVE-2016-2373",
"CVE-2016-2374",
"CVE-2016-2375",
"CVE-2016-2376",
"CVE-2016-2377",
"CVE-2016-2378",
"CVE-2016-2380",
"CVE-2016-4323"
);
script_name(english:"EulerOS 2.0 SP5 : pidgin (EulerOS-SA-2019-2222)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the pidgin package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- Pidgin is an instant messaging program which can log in
to multiple accounts on multiple instant messaging
networks simultaneously.Security Fix(es):A buffer
overflow vulnerability exists in the handling of the
MXIT protocol Pidgin. Specially crafted data sent via
the server could potentially result in a buffer
overflow, potentially resulting in memory corruption. A
malicious server or an unfiltered malicious user can
send negative length values to trigger this
vulnerability.(CVE-2016-2378)A buffer overflow
vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent
from the server could potentially result in arbitrary
code execution. A malicious server or an attacker who
intercepts the network traffic can send an invalid size
for a packet which will trigger a buffer
overflow.(CVE-2016-2376)An exploitable out-of-bounds
read exists in the handling of the MXIT protocol in
Pidgin. Specially crafted MXIT contact information sent
from the server can result in memory
disclosure.(CVE-2016-2375)An exploitable memory
corruption vulnerability exists in the handling of the
MXIT protocol in Pidgin. Specially crafted MXIT MultiMX
message sent via the server can result in an
out-of-bounds write leading to memory disclosure and
code execution.(CVE-2016-2374)A buffer overflow
vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent by
the server could potentially result in an out-of-bounds
write of one byte. A malicious server can send a
negative content-length in response to a HTTP request
triggering the vulnerability.(CVE-2016-2377)A denial of
service vulnerability exists in the handling of the
MXIT protocol in Pidgin. Specially crafted MXIT data
sent via the server could potentially result in an
out-of-bounds read. A malicious server or user can send
an invalid mood to trigger this
vulnerability.(CVE-2016-2373)An out-of-bounds write
vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent
via the server could cause memory corruption resulting
in code execution.(CVE-2016-2371)A directory traversal
exists in the handling of the MXIT protocol in Pidgin.
Specially crafted MXIT data sent from the server could
potentially result in an overwrite of files. A
malicious server or someone with access to the network
traffic can provide an invalid filename for a splash
image triggering the vulnerability.(CVE-2016-4323)An
information leak exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent to
the server could potentially result in an out-of-bounds
read. A user could be convinced to enter a particular
string which would then get converted incorrectly and
could lead to a potential out-of-bounds
read.(CVE-2016-2380)An information leak exists in the
handling of the MXIT protocol in Pidgin. Specially
crafted MXIT data sent via the server could potentially
result in an out-of-bounds read. A malicious user,
server, or man-in-the-middle attacker can send an
invalid size for a file transfer which will trigger an
out-of-bounds read vulnerability. This could result in
a denial of service or copy data from memory to the
file, resulting in an information leak if the file is
sent to another user.(CVE-2016-2372)A NULL pointer
dereference vulnerability exists in the handling of the
MXIT protocol in Pidgin. Specially crafted MXIT data
sent via the server could potentially result in a
denial of service vulnerability. A malicious server can
send a packet starting with a NULL byte triggering the
vulnerability.(CVE-2016-2369)A denial of service
vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent
from the server could potentially result in an
out-of-bounds read. A malicious server or
man-in-the-middle attacker can send invalid data to
trigger this vulnerability.(CVE-2016-2370)A denial of
service vulnerability exists in the handling of the
MXIT protocol in Pidgin. Specially crafted MXIT data
sent via the server could potentially result in a null
pointer dereference. A malicious server or an attacker
who intercepts the network traffic can send invalid
data to trigger this vulnerability and cause a
crash.(CVE-2016-2365)A denial of service vulnerability
exists in the handling of the MXIT protocol in Pidgin.
Specially crafted MXIT data sent via the server could
potentially result in an out-of-bounds read. A
malicious server or an attacker who intercepts the
network traffic can send invalid data to trigger this
vulnerability and cause a crash.(CVE-2016-2366)An
information leak exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent
via the server could potentially result in an
out-of-bounds read. A malicious user, server, or
man-in-the-middle can send an invalid size for an
avatar which will trigger an out-of-bounds read
vulnerability. This could result in a denial of service
or copy data from memory to the file, resulting in an
information leak if the avatar is sent to another
user.(CVE-2016-2367)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2222
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02e21c73");
script_set_attribute(attribute:"solution", value:
"Update the affected pidgin packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2378");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libpurple");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["libpurple-2.10.11-7.h4.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pidgin");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2365
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2366
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2367
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2369
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2370
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2371
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2372
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2374
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2375
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2380
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4323
www.nessus.org/u?02e21c73
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.2%