Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-902-1.NASL
HistoryFeb 23, 2010 - 12:00 a.m.

Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : pidgin vulnerabilities (USN-902-1)

2010-02-2300:00:00
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
JSON

Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277)

Sadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain nicknames in Finch group chat rooms. A remote attacker could use a specially crafted nickname and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0420)

Antti Hayrynen discovered that Pidgin incorrectly handled large numbers of smileys. A remote attacker could send a specially crafted message and cause Pidgin to become unresponsive, leading to a denial of service. (CVE-2010-0423).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-902-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(44688);
  script_version("1.12");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423");
  script_xref(name:"USN", value:"902-1");

  script_name(english:"Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : pidgin vulnerabilities (USN-902-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Fabian Yamaguchi discovered that Pidgin incorrectly validated all
fields of an incoming message in the MSN protocol handler. A remote
attacker could send a specially crafted message and cause Pidgin to
crash, leading to a denial of service. (CVE-2010-0277)

Sadrul Habib Chowdhury discovered that Pidgin incorrectly handled
certain nicknames in Finch group chat rooms. A remote attacker could
use a specially crafted nickname and cause Pidgin to crash, leading to
a denial of service. (CVE-2010-0420)

Antti Hayrynen discovered that Pidgin incorrectly handled large
numbers of smileys. A remote attacker could send a specially crafted
message and cause Pidgin to become unresponsive, leading to a denial
of service. (CVE-2010-0423).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/902-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(20, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:finch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:finch-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gaim");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpurple-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpurple-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpurple0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pidgin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pidgin-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pidgin-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pidgin-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/01/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/02/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(8\.04|8\.10|9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 8.10 / 9.04 / 9.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"finch", pkgver:"2.4.1-1ubuntu2.9")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"finch-dev", pkgver:"2.4.1-1ubuntu2.9")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"gaim", pkgver:"2.4.1-1ubuntu2.9")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libpurple-bin", pkgver:"2.4.1-1ubuntu2.9")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libpurple-dev", pkgver:"2.4.1-1ubuntu2.9")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libpurple0", pkgver:"2.4.1-1ubuntu2.9")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"pidgin", pkgver:"1:2.4.1-1ubuntu2.9")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"pidgin-data", pkgver:"2.4.1-1ubuntu2.9")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"pidgin-dbg", pkgver:"2.4.1-1ubuntu2.9")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"pidgin-dev", pkgver:"2.4.1-1ubuntu2.9")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"finch", pkgver:"2.5.2-0ubuntu1.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"finch-dev", pkgver:"2.5.2-0ubuntu1.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libpurple-bin", pkgver:"2.5.2-0ubuntu1.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libpurple-dev", pkgver:"2.5.2-0ubuntu1.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libpurple0", pkgver:"2.5.2-0ubuntu1.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"pidgin", pkgver:"1:2.5.2-0ubuntu1.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"pidgin-data", pkgver:"2.5.2-0ubuntu1.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"pidgin-dbg", pkgver:"2.5.2-0ubuntu1.7")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"pidgin-dev", pkgver:"2.5.2-0ubuntu1.7")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"finch", pkgver:"2.5.5-1ubuntu8.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"finch-dev", pkgver:"2.5.5-1ubuntu8.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libpurple-bin", pkgver:"2.5.5-1ubuntu8.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libpurple-dev", pkgver:"2.5.5-1ubuntu8.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libpurple0", pkgver:"2.5.5-1ubuntu8.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"pidgin", pkgver:"1:2.5.5-1ubuntu8.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"pidgin-data", pkgver:"2.5.5-1ubuntu8.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"pidgin-dbg", pkgver:"2.5.5-1ubuntu8.6")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"pidgin-dev", pkgver:"2.5.5-1ubuntu8.6")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"finch", pkgver:"2.6.2-1ubuntu7.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"finch-dev", pkgver:"2.6.2-1ubuntu7.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libpurple-bin", pkgver:"2.6.2-1ubuntu7.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libpurple-dev", pkgver:"2.6.2-1ubuntu7.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libpurple0", pkgver:"2.6.2-1ubuntu7.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"pidgin", pkgver:"1:2.6.2-1ubuntu7.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"pidgin-data", pkgver:"2.6.2-1ubuntu7.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"pidgin-dbg", pkgver:"2.6.2-1ubuntu7.2")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"pidgin-dev", pkgver:"2.6.2-1ubuntu7.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "finch / finch-dev / gaim / libpurple-bin / libpurple-dev / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxfinchp-cpe:/a:canonical:ubuntu_linux:finch
canonicalubuntu_linuxfinch-devp-cpe:/a:canonical:ubuntu_linux:finch-dev
canonicalubuntu_linuxgaimp-cpe:/a:canonical:ubuntu_linux:gaim
canonicalubuntu_linuxlibpurple-binp-cpe:/a:canonical:ubuntu_linux:libpurple-bin
canonicalubuntu_linuxlibpurple-devp-cpe:/a:canonical:ubuntu_linux:libpurple-dev
canonicalubuntu_linuxlibpurple0p-cpe:/a:canonical:ubuntu_linux:libpurple0
canonicalubuntu_linuxpidginp-cpe:/a:canonical:ubuntu_linux:pidgin
canonicalubuntu_linuxpidgin-datap-cpe:/a:canonical:ubuntu_linux:pidgin-data
canonicalubuntu_linuxpidgin-dbgp-cpe:/a:canonical:ubuntu_linux:pidgin-dbg
canonicalubuntu_linuxpidgin-devp-cpe:/a:canonical:ubuntu_linux:pidgin-dev
Rows per page:
1-10 of 141

Related

nessus 22
redhat 1
openvas 41
altlinux 2
securityvulns 4
oraclelinux 1
fedora 7
ubuntu 1
seebug 1
freebsd 1
centos 1
slackware 1
debian 5
osv 1
prion 3
ubuntucve 3
veracode 3
cve 3
debiancve 3
nessus
nessus
Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2010-069-01)
2010-03-11 00:00:00
Oracle Linux 4 : pidgin (ELSA-2010-0115)
2013-07-12 00:00:00
Mandriva Linux Security Advisory : pidgin (MDVSA-2010:041)
2010-02-19 00:00:00
redhat
redhat
(RHSA-2010:0115) Moderate: pidgin security update
2010-02-18 00:00:00
openvas
openvas
Mandriva Update for mjpegtools MDVA-2010:041 (mjpegtools)
2010-01-29 00:00:00
Mandriva Update for mjpegtools MDVA-2010:041 (mjpegtools)
2010-01-29 00:00:00
CentOS Update for finch CESA-2010:0115 centos4 i386
2010-02-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package pidgin version 2.6.6-alt1
2010-02-22 00:00:00
Security fix for the ALT Linux 5 package pidgin-mini version 2.7.1-alt1
2010-06-13 00:00:00
securityvulns
securityvulns
Pidgin / Adium messenger multiple security vulnerabilities
2010-02-19 00:00:00
[ MDVSA-2010:041 ] pidgin
2010-02-19 00:00:00
HP Power Manager crossite request forgery
2011-02-14 00:00:00
oraclelinux
oraclelinux
pidgin security update
2010-02-18 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: pidgin-2.6.6-1.fc13
2010-02-20 00:13:53
[SECURITY] Fedora 12 Update: pidgin-2.6.6-1.fc12
2010-02-20 00:26:26
[SECURITY] Fedora 12 Update: pidgin-2.7.0-2.fc12
2010-05-24 19:48:53
ubuntu
ubuntu
Pidgin vulnerabilities
2010-02-22 00:00:00
seebug
seebug
Pidgin倚δΈͺζ‹’η»ζœεŠ‘ζΌζ΄ž
2010-03-02 00:00:00
freebsd
freebsd
pidgin -- multiple remote denial of service vulnerabilities
2010-02-18 00:00:00
centos
centos
finch, libpurple, pidgin security update
2010-02-20 00:04:47
slackware
slackware
[slackware-security] pidgin
2010-03-11 02:17:44
debian
debian
[Backports-security-announce] Security Update for pidgin
2010-02-18 22:27:39
[Backports-security-announce] Security Update for pidgin
2010-02-18 22:17:54
[SECURITY] [DSA 2038-2] New pidgin packages fix regression
2010-05-17 20:37:56
osv
osv
pidgin - denial of service
2010-04-18 00:00:00
prion
prion
Code injection
2010-02-24 18:30:00
Code injection
2010-02-24 18:30:00
Memory corruption
2010-01-09 18:30:00
ubuntucve
ubuntucve
CVE-2010-0420
2010-02-18 00:00:00
CVE-2010-0423
2010-02-18 00:00:00
CVE-2010-0277
2010-01-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:40:21
Denial Of Service (DoS)
2020-04-10 00:40:21
Denial Of Service (DoS)
2020-04-10 00:40:22
cve
cve
CVE-2010-0420
2010-02-24 18:30:00
CVE-2010-0423
2010-02-24 18:30:00
CVE-2010-0277
2010-01-09 18:30:00
debiancve
debiancve
CVE-2010-0420
2010-02-24 18:30:00
CVE-2010-0423
2010-02-24 18:30:00
CVE-2010-0277
2010-01-09 18:30:00
JSON
Related for UBUNTU_USN-902-1.NASL
nessus22redhat1openvas41altlinux2securityvulns4oraclelinux1fedora7ubuntu1seebug1freebsd1centos1slackware1debian5osv1prion3ubuntucve3veracode3cve3debiancve3