Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1014-1.NASL
HistoryNov 05, 2010 - 12:00 a.m.

Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pidgin vulnerabilities (USN-1014-1)

2010-11-0500:00:00
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

Pierre Nogues discovered that Pidgin incorrectly handled malformed SLP messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1624)

Daniel Atallah discovered that Pidgin incorrectly handled the return code of the Base64 decoding function. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-3711).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1014-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(50492);
  script_version("1.10");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-1624", "CVE-2010-3711");
  script_bugtraq_id(40138, 44283);
  script_xref(name:"USN", value:"1014-1");

  script_name(english:"Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pidgin vulnerabilities (USN-1014-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Pierre Nogues discovered that Pidgin incorrectly handled malformed
SLP messages in the MSN protocol handler. A remote attacker could send
a specially crafted message and cause Pidgin to crash, leading to a
denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and
10.04 LTS. (CVE-2010-1624)

Daniel Atallah discovered that Pidgin incorrectly handled the return
code of the Base64 decoding function. A remote attacker could send a
specially crafted message and cause Pidgin to crash, leading to a
denial of service. (CVE-2010-3711).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1014-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:finch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:finch-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gaim");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpurple-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpurple-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpurple0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pidgin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pidgin-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pidgin-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pidgin-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/11/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(8\.04|9\.10|10\.04|10\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 9.10 / 10.04 / 10.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"finch", pkgver:"2.4.1-1ubuntu2.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"finch-dev", pkgver:"2.4.1-1ubuntu2.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"gaim", pkgver:"2.4.1-1ubuntu2.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libpurple-bin", pkgver:"2.4.1-1ubuntu2.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libpurple-dev", pkgver:"2.4.1-1ubuntu2.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libpurple0", pkgver:"2.4.1-1ubuntu2.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"pidgin", pkgver:"1:2.4.1-1ubuntu2.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"pidgin-data", pkgver:"2.4.1-1ubuntu2.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"pidgin-dbg", pkgver:"2.4.1-1ubuntu2.10")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"pidgin-dev", pkgver:"2.4.1-1ubuntu2.10")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"finch", pkgver:"2.6.2-1ubuntu7.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"finch-dev", pkgver:"2.6.2-1ubuntu7.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libpurple-bin", pkgver:"2.6.2-1ubuntu7.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libpurple-dev", pkgver:"2.6.2-1ubuntu7.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libpurple0", pkgver:"2.6.2-1ubuntu7.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"pidgin", pkgver:"1:2.6.2-1ubuntu7.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"pidgin-data", pkgver:"2.6.2-1ubuntu7.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"pidgin-dbg", pkgver:"2.6.2-1ubuntu7.3")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"pidgin-dev", pkgver:"2.6.2-1ubuntu7.3")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"finch", pkgver:"2.6.6-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"finch-dev", pkgver:"2.6.6-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libpurple-bin", pkgver:"2.6.6-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libpurple-dev", pkgver:"2.6.6-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libpurple0", pkgver:"2.6.6-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"pidgin", pkgver:"1:2.6.6-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"pidgin-data", pkgver:"2.6.6-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"pidgin-dbg", pkgver:"2.6.6-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"pidgin-dev", pkgver:"2.6.6-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"finch", pkgver:"2.7.3-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"finch-dev", pkgver:"2.7.3-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libpurple-bin", pkgver:"2.7.3-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libpurple-dev", pkgver:"2.7.3-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libpurple0", pkgver:"2.7.3-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"pidgin", pkgver:"1:2.7.3-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"pidgin-data", pkgver:"2.7.3-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"pidgin-dbg", pkgver:"2.7.3-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"pidgin-dev", pkgver:"2.7.3-1ubuntu3.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "finch / finch-dev / gaim / libpurple-bin / libpurple-dev / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxfinchp-cpe:/a:canonical:ubuntu_linux:finch
canonicalubuntu_linuxfinch-devp-cpe:/a:canonical:ubuntu_linux:finch-dev
canonicalubuntu_linuxgaimp-cpe:/a:canonical:ubuntu_linux:gaim
canonicalubuntu_linuxlibpurple-binp-cpe:/a:canonical:ubuntu_linux:libpurple-bin
canonicalubuntu_linuxlibpurple-devp-cpe:/a:canonical:ubuntu_linux:libpurple-dev
canonicalubuntu_linuxlibpurple0p-cpe:/a:canonical:ubuntu_linux:libpurple0
canonicalubuntu_linuxpidginp-cpe:/a:canonical:ubuntu_linux:pidgin
canonicalubuntu_linuxpidgin-datap-cpe:/a:canonical:ubuntu_linux:pidgin-data
canonicalubuntu_linuxpidgin-dbgp-cpe:/a:canonical:ubuntu_linux:pidgin-dbg
canonicalubuntu_linuxpidgin-devp-cpe:/a:canonical:ubuntu_linux:pidgin-dev
Rows per page:
1-10 of 141

Related

openvas 46
nessus 24
oraclelinux 3
redhat 2
centos 1
ubuntu 1
fedora 14
securityvulns 4
debian 4
slackware 2
prion 2
ubuntucve 2
cve 2
veracode 2
debiancve 2
altlinux 3
seebug 1
openvas
openvas
CentOS Update for finch CESA-2010:0788 centos4 i386
2010-11-04 00:00:00
CentOS Update for finch CESA-2010:0788 centos4 i386
2010-11-04 00:00:00
Ubuntu Update for pidgin vulnerabilities USN-1014-1
2010-11-16 00:00:00
nessus
nessus
Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
CentOS 4 / 5 : pidgin (CESA-2010:0788)
2010-11-24 00:00:00
RHEL 4 / 5 : pidgin (RHSA-2010:0788)
2010-10-22 00:00:00
oraclelinux
oraclelinux
pidgin security update
2010-10-21 00:00:00
pidgin security and bug fix update
2011-05-28 00:00:00
pidgin security update
2011-02-10 00:00:00
redhat
redhat
(RHSA-2010:0788) Moderate: pidgin security update
2010-10-21 00:00:00
(RHSA-2010:0890) Moderate: pidgin security update
2010-11-16 00:00:00
centos
centos
finch, libpurple, pidgin security update
2010-10-21 22:51:36
ubuntu
ubuntu
Pidgin vulnerabilities
2010-11-04 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: pidgin-2.7.4-1.fc13
2010-11-01 21:00:14
[SECURITY] Fedora 13 Update: pidgin-2.7.9-1.fc13
2011-01-07 20:01:11
[SECURITY] Fedora 13 Update: pidgin-2.7.11-1.fc13
2011-03-20 21:25:51
securityvulns
securityvulns
[ MDVSA-2010:097 ] pidgin
2010-05-20 00:00:00
libpurple / Pidgin DoS
2010-05-20 00:00:00
libpurple library / Pidgin DoS
2010-10-24 00:00:00
debian
debian
[Backports-security-announce] Security Update for pidgin
2010-05-19 06:48:59
[Backports-security-announce] Security Update for pidgin
2010-05-19 06:49:18
Subject: BSA-008 Security Update for pidgin
2010-10-22 11:36:43
slackware
slackware
[slackware-security] pidgin
2010-05-18 23:13:01
[slackware-security] pidgin
2010-11-02 01:47:57
prion
prion
Null pointer dereference
2010-05-14 19:30:00
Null pointer dereference
2010-10-28 00:00:00
ubuntucve
ubuntucve
CVE-2010-1624
2010-05-14 00:00:00
CVE-2010-3711
2010-10-27 00:00:00
cve
cve
CVE-2010-1624
2010-05-14 19:30:00
CVE-2010-3711
2010-10-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:53:04
Denial Of Service (DoS)
2020-04-10 00:48:55
debiancve
debiancve
CVE-2010-1624
2010-05-14 19:30:00
CVE-2010-3711
2010-10-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package pidgin-mini version 2.7.4-alt1
2010-10-21 00:00:00
Security fix for the ALT Linux 5 package pidgin-mini version 2.7.4-alt0.M50P.1
2010-11-12 00:00:00
Security fix for the ALT Linux 5 package pidgin-mini version 2.7.1-alt1
2010-06-13 00:00:00
seebug
seebug
Pidgin purple_base64_decode()ε‡½ζ•°η©ΊζŒ‡ι’ˆεΌ•η”¨ζ‹’η»ζœεŠ‘ζΌζ΄ž
2010-10-29 00:00:00
JSON
Related for UBUNTU_USN-1014-1.NASL
openvas46nessus24oraclelinux3redhat2centos1ubuntu1fedora14securityvulns4debian4slackware2prion2ubuntucve2cve2veracode2debiancve2altlinux3seebug1