Lucene search
This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.SUSE_FINCH-6856.NASLHistoryJan 27, 2011 - 12:00 a.m.
SuSE 10 Security Update : pidgin (ZYPP Patch Number 6856)
2011-01-2700:00:00
This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.
www.tenable.com
15
This update of pidgin fixes various security vulnerabilities :
- Remote file disclosure vulnerability by using the MSN protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9:
Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. CVE-2010-0420:
Same nick names in XMPP MUC lead to a crash in finch.
CVE-2010-0423: A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. (CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22))
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(51727);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-0013", "CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423");
script_name(english:"SuSE 10 Security Update : pidgin (ZYPP Patch Number 6856)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 10 host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"This update of pidgin fixes various security vulnerabilities :
- Remote file disclosure vulnerability by using the MSN
protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9:
Resource Management Errors (CWE-399) MSN protocol plugin
in libpurple allowed remote attackers to cause a denial
of service (memory corruption) at least. CVE-2010-0420:
Same nick names in XMPP MUC lead to a crash in finch.
CVE-2010-0423: A remote denial of service attack
(resource consumption) is possible by sending an IM with
a lot of smilies in it. (CVE-2010-0013: CVSS v2 Base
Score: 4.3: Path Traversal (CWE-22))"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0013.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0277.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0420.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0423.html"
);
script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6856.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_cwe_id(20, 22, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2010/02/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
flag = 0;
if (rpm_check(release:"SLED10", sp:2, reference:"finch-2.6.6-0.4.1")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"libpurple-2.6.6-0.4.1")) flag++;
if (rpm_check(release:"SLED10", sp:2, reference:"pidgin-2.6.6-0.4.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else exit(0, "The host is not affected.");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| suse | suse_linux | cpe:/o:suse:suse_linux |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423
support.novell.com/security/cve/CVE-2010-0013.html
support.novell.com/security/cve/CVE-2010-0277.html
support.novell.com/security/cve/CVE-2010-0420.html
support.novell.com/security/cve/CVE-2010-0423.html
Related
openvas
openvas
Fedora Update for pidgin FEDORA-2010-1383
2010-03-02 00:00:00
FreeBSD Ports: pidgin
2010-05-04 00:00:00
Fedora Update for pidgin FEDORA-2010-1383
2010-03-02 00:00:00
nessus
nessus
openSUSE Security Update : finch (finch-2032)
2010-03-04 00:00:00
Fedora 12 : pidgin-2.6.6-1.fc12 (2010-1383)
2010-07-01 00:00:00
SuSE 11 Security Update : pidgin (SAT Patch Number 2019)
2010-03-03 00:00:00
debian
debian
[Backports-security-announce] Security Update for pidgin
2010-02-18 22:27:39
[Backports-security-announce] Security Update for pidgin
2010-02-18 22:17:54
[SECURITY] [DSA 2038-2] New pidgin packages fix regression
2010-05-17 20:37:56
fedora
fedora
[SECURITY] Fedora 12 Update: pidgin-2.6.6-1.fc12
2010-02-20 00:26:26
[SECURITY] Fedora 12 Update: pidgin-2.7.0-2.fc12
2010-05-24 19:48:53
[SECURITY] Fedora 13 Update: pidgin-2.6.6-1.fc13
2010-02-20 00:13:53
redhat
redhat
(RHSA-2010:0115) Moderate: pidgin security update
2010-02-18 00:00:00
(RHSA-2010:0044) Important: pidgin security update
2010-01-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package pidgin version 2.6.6-alt1
2010-02-22 00:00:00
Security fix for the ALT Linux 5 package pidgin-mini version 2.7.1-alt1
2010-06-13 00:00:00
oraclelinux
oraclelinux
pidgin security update
2010-02-18 00:00:00
pidgin security update
2010-01-14 00:00:00
ubuntu
ubuntu
Pidgin vulnerabilities
2010-02-22 00:00:00
Pidgin vulnerabilities
2010-01-18 00:00:00
securityvulns
securityvulns
Pidgin / Adium messenger multiple security vulnerabilities
2010-02-19 00:00:00
[ MDVSA-2010:041 ] pidgin
2010-02-19 00:00:00
HP Power Manager crossite request forgery
2011-02-14 00:00:00
seebug
seebug
Pidgin多个拒绝服务漏洞
2010-03-02 00:00:00
Pidgin MSN <= 2.6.4 File Download Vulnerability
2014-07-01 00:00:00
freebsd
freebsd
pidgin -- multiple remote denial of service vulnerabilities
2010-02-18 00:00:00
centos
centos
finch, libpurple, pidgin security update
2010-02-20 00:04:47
finch, libpurple, pidgin security update
2010-01-14 21:33:39
slackware
slackware
[slackware-security] pidgin
2010-03-11 02:17:44
[slackware-security] pidgin
2010-01-25 05:20:22
debiancve
debiancve
prion
prion
Memory corruption
2010-01-09 18:30:00
Code injection
2010-02-24 18:30:00
Code injection
2010-02-24 18:30:00
cve
cve
ubuntucve
ubuntucve
osv
osv
pidgin - denial of service
2010-04-18 00:00:00
packetstorm
packetstorm
Pidgin MSN 2.6.4 File Download
2010-01-20 00:00:00
exploitpack
exploitpack
Pidgin MSN 2.6.4 - File Download
2010-01-19 00:00:00
veracode
veracode
Directory Traversal
2020-04-10 00:43:30
Denial Of Service (DoS)
2020-04-10 00:40:21
Denial Of Service (DoS)
2020-04-10 00:40:21
exploitdb
exploitdb
Pidgin MSN 2.6.4 - File Download
2010-01-19 00:00:00
gentoo
gentoo
Pidgin: Multiple vulnerabilities
2012-06-21 00:00:00
Related for SUSE_FINCH-6856.NASL