nessusThis script is Copyright (C) 2011-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2011-183.NASL
HistoryDec 12, 2011 - 12:00 a.m.

Mandriva Linux Security Advisory : pidgin (MDVSA-2011:183)

2011-12-12 00:00:00
This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.
www.tenable.com
7

Multiple vulnerabilities have been discovered and corrected in pidgin:

When receiving various stanzas related to voice and video chat, the XMPP protocol plugin failed to ensure that the incoming message contained all required fields, and would crash if certain fields were missing.

When receiving various messages related to requesting or receiving authorization for adding a buddy to a buddy list, the oscar protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash (CVE-2011-4601).

When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash (CVE-2011-3594).

This update provides pidgin 2.10.1, which is not vulnerable to these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2011:183. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration phase: when the engine sets `description`, this block only
# declares the plugin's metadata and then exits, so none of the host checks
# further down run during registration.
if (description)
{
  script_id(57079);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # NOTE(review): the description text below lists three issues, but only two
  # CVE ids are mapped here; the XMPP voice/video stanza crash has no CVE id
  # in this plugin, so CVE-based reporting will not show it separately.
  script_cve_id("CVE-2011-3594", "CVE-2011-4601");
  script_bugtraq_id(49912, 51010);
  script_xref(name:"MDVSA", value:"2011:183");

  script_name(english:"Mandriva Linux Security Advisory : pidgin (MDVSA-2011:183)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  # Advisory text as published in MDVSA-2011:183 (see the file header for
  # the copyright on this text).
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been discovered and corrected in pidgin :

When receiving various stanzas related to voice and video chat, the
XMPP protocol plugin failed to ensure that the incoming message
contained all required fields, and would crash if certain fields were
missing.

When receiving various messages related to requesting or receiving
authorization for adding a buddy to a buddy list, the oscar protocol
plugin failed to validate that a piece of text was UTF-8. In some
cases invalid UTF-8 data would lead to a crash (CVE-2011-4601).

When receiving various incoming messages, the SILC protocol plugin
failed to validate that a piece of text was UTF-8. In some cases
invalid UTF-8 data would lead to a crash (CVE-2011-3594).

This update provides pidgin 2.10.1, which is not vulnerable to these
issues."
  );
  # Upstream pidgin security notices referenced by the advisory.
  script_set_attribute(
    attribute:"see_also",
    value:"http://pidgin.im/news/security/?id=56"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://pidgin.im/news/security/?id=57"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://pidgin.im/news/security/?id=58"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.pidgin.im/news/security/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS v2 base vector: network-reachable, low complexity, no authentication,
  # availability impact only (partial). This matches the crash-only impact
  # described in the advisory text above.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # CVSS v2 temporal vector: functional exploit, official fix, confirmed report.
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # "local" plugin type: the verdict comes from the package list stored in the
  # KB (see script_require_keys below), not from probing the pidgin client.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # One CPE entry per package named in the rpm_check() calls of the check
  # phase, followed by the two covered Mandriva releases.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:finch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64finch0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64purple0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfinch0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpurple0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-bonjour");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-gevolution");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-meanwhile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-silc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:pidgin-tcl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The check phase reads KB entries that ssh_get_info.nasl is expected to
  # populate; without these keys the plugin is not run against the host.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


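# Preconditions for the package comparison. Each failed precondition ends
# the plugin through audit() with a specific reason, so a host that cannot
# be assessed is reported as "not checked" rather than silently treated as
# patched.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Fixed the "Mandake" typo so this audit message names the OS the same way
# as the architecture check below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 and x86-64 hosts are covered; any other architecture is reported
# as "local checks not implemented" instead of being compared against
# package names that do not apply to it.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);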


# Compare the host's package list against the fixed builds named in
# MDVSA-2011:183. Every rpm_check() call that returns true increments
# `flag`, so a non-zero flag means at least one check fired.
# NOTE(review): rpm_check() and the meaning of yank:"mdv" are defined in
# rpm.inc, which is not shown here - presumably it normalises the
# distribution tag before comparing versions; confirm against rpm.inc.
# Library packages are split by architecture: lib64* entries are limited to
# cpu "x86_64" and lib* entries to cpu "i386"; the other packages carry no
# cpu restriction.
flag = 0;
# Mandriva 2010.1 (the fixed builds carry the mdv2010.2 tag).
if (rpm_check(release:"MDK2010.1", reference:"finch-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64finch0-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64purple-devel-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64purple0-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libfinch0-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpurple-devel-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpurple0-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-bonjour-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-client-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-gevolution-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-i18n-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-meanwhile-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-perl-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-plugins-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-silc-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"pidgin-tcl-2.10.1-0.1mdv2010.2", yank:"mdv")) flag++;

# Mandriva 2011 (same package set, built as 2.10.1-0.1-mdv2011.0).
if (rpm_check(release:"MDK2011", reference:"finch-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64finch0-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64purple-devel-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64purple0-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libfinch0-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libpurple-devel-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libpurple0-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-bonjour-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-client-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-gevolution-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-i18n-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-meanwhile-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-perl-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-plugins-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-silc-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"pidgin-tcl-2.10.1-0.1-mdv2011.0", yank:"mdv")) flag++;


# Verdict: with no package check fired the host is audited as not affected;
# otherwise a warning-level finding is raised on port 0, carrying the
# rpm_report_get() text when report verbosity is above zero.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:rpm_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| mandriva | linux | finch | p-cpe:/a:mandriva:linux:finch |
| mandriva | linux | lib64finch0 | p-cpe:/a:mandriva:linux:lib64finch0 |
| mandriva | linux | lib64purple-devel | p-cpe:/a:mandriva:linux:lib64purple-devel |
| mandriva | linux | lib64purple0 | p-cpe:/a:mandriva:linux:lib64purple0 |
| mandriva | linux | libfinch0 | p-cpe:/a:mandriva:linux:libfinch0 |
| mandriva | linux | libpurple-devel | p-cpe:/a:mandriva:linux:libpurple-devel |
| mandriva | linux | libpurple0 | p-cpe:/a:mandriva:linux:libpurple0 |
| mandriva | linux | pidgin | p-cpe:/a:mandriva:linux:pidgin |
| mandriva | linux | pidgin-bonjour | p-cpe:/a:mandriva:linux:pidgin-bonjour |
| mandriva | linux | pidgin-client | p-cpe:/a:mandriva:linux:pidgin-client |