ID OPENVAS:136141256231067503 Type openvas Reporter Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Modified 2019-03-15T00:00:00
Description
The remote host is missing an update as announced
via advisory SSA:2010-138-01.
# OpenVAS Vulnerability Test
# $Id: esoft_slk_ssa_2010_138_01.nasl 14202 2019-03-15 09:16:15Z cfischer $
# Description: Auto-generated from the corresponding slackware advisory
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Description pass: when the scanner evaluates the script with `description`
# set, this block registers the check's metadata. It ends with exit(0), so
# none of the package comparisons below run in that pass.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.67503");
script_tag(name:"creation_date", value:"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $");
# CVE-2010-1624, per its CVE description: a malformed MSN SLP message carrying
# a custom emoticon crashes Pidgin before 2.7.0 (msn_emoticon_msg in libpurple's
# slp.c). The CVSS v2 vector below scores availability impact only (A:P).
script_cve_id("CVE-2010-1624");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_version("$Revision: 14202 $");
script_name("Slackware Advisory SSA:2010-138-01 pidgin");
# Registered as an information-gathering check.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
script_family("Slackware Local Security Checks");
# presumably gather-package-list.nasl populates the ssh/login/* KB keys
# required on the next line; confirm against that script
script_dependencies("gather-package-list.nasl");
# The check is gated on these KB keys and on a detected release of SLK 12.0,
# 12.1, 12.2 or 13.0. The insight text below also names -current, which this
# regex does not list, so hosts tracking -current appear not to be evaluated
# by this script.
script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack", re:"ssh/login/release=SLK(12\.0|12\.1|12\.2|13\.0)");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-138-01");
# The insight and summary values span two source lines; the line break is part
# of the string and must stay as it is.
script_tag(name:"insight", value:"New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,
and -current to fix a security issue.");
script_tag(name:"solution", value:"Upgrade to the new package(s).");
script_tag(name:"summary", value:"The remote host is missing an update as announced
via advisory SSA:2010-138-01.");
# qod_type "package": the finding rests on the installed package version taken
# from the ssh/login/* keys, not on probing pidgin itself. A positive result
# therefore means "fixed package not installed", not "crash reproduced".
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# End of the description pass.
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-slack.inc");
# Package check for SSA:2010-138-01 (pidgin, CVE-2010-1624).
#
# For each covered Slackware release, isslkpkgvuln() is asked about the
# installed pidgin package relative to the fixed 2.7.0 build string for that
# release. Any non-NULL result is appended to the report.
# (presumably the helper returns report text only when the installed package
# is older than `ver` on a host whose release equals `rls`; confirm in
# pkg-lib-slack.inc)
#
# NOTE(review): the advisory also lists an x86_64 build for Slackware 13.0
# (pidgin-2.7.0-x86_64-1_slack13.0.txz), but only i486 build strings are
# compared here. Whether isslkpkgvuln() evaluates x86_64 installs correctly
# against an i486 reference string is not visible in this file; confirm it
# before relying on a clean result from a 64-bit host.
report = "";
res = "";

res = isslkpkgvuln(pkg:"pidgin", ver:"2.7.0-i486-1_slack12.0", rls:"SLK12.0");
if(res != NULL) {
  report += res;
}

res = isslkpkgvuln(pkg:"pidgin", ver:"2.7.0-i486-1_slack12.1", rls:"SLK12.1");
if(res != NULL) {
  report += res;
}

res = isslkpkgvuln(pkg:"pidgin", ver:"2.7.0-i486-1_slack12.2", rls:"SLK12.2");
if(res != NULL) {
  report += res;
}

res = isslkpkgvuln(pkg:"pidgin", ver:"2.7.0-i486-1_slack13.0", rls:"SLK13.0");
if(res != NULL) {
  report += res;
}

# Three outcomes:
#  - something was reported: raise a security message with the collected text;
#  - nothing reported but __pkg_match is set (presumably by the package library
#    when a pidgin package was found; confirm): exit with code 99;
#  - neither: fall off the end of the script without emitting a result.
if(report == "") {
  if(__pkg_match) {
    exit(99);
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:136141256231067503", "type": "openvas", "bulletinFamily": "scanner", "title": "Slackware Advisory SSA:2010-138-01 pidgin", "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-138-01.", "published": "2012-09-11T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067503", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": ["https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-138-01"], "cvelist": ["CVE-2010-1624"], "lastseen": "2019-05-29T18:38:35", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1624"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23888", "SECURITYVULNS:VULN:10849"]}, {"type": "slackware", "idList": ["SSA-2010-138-01"]}, {"type": "debian", "idList": ["DEBIAN:9B357C4F24A7CE88EED84043584C1A4B:5F8CE"]}, {"type": "fedora", "idList": ["FEDORA:61D4510FCAD", "FEDORA:DF9FC110C29", "FEDORA:518CC110C68", "FEDORA:57837110FDA", "FEDORA:34A2D110F65", "FEDORA:E2504110F93", "FEDORA:8AF73111A2E", "FEDORA:DCDD0111181", "FEDORA:803A5111130"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310831051", "OPENVAS:831051", "OPENVAS:1361412562310870342", "OPENVAS:1361412562310880447", "OPENVAS:1361412562310840530", "OPENVAS:862282", "OPENVAS:840530", "OPENVAS:880618", "OPENVAS:880447", "OPENVAS:67503"]}, {"type": "nessus", "idList": ["SUSE_11_FINCH-111105.NASL", "CENTOS_RHSA-2010-0788.NASL", "FEDORA_2010-8503.NASL", "UBUNTU_USN-1014-1.NASL", "MANDRIVA_MDVSA-2010-097.NASL", "SLACKWARE_SSA_2010-138-01.NASL", "SL_20101021_PIDGIN_ON_SL4_X.NASL", "REDHAT-RHSA-2010-0788.NASL", "ORACLELINUX_ELSA-2010-0788.NASL", "FEDORA_2010-8524.NASL"]}, {"type": "centos", "idList": ["CESA-2010:0788"]}, {"type": "ubuntu", "idList": ["USN-1014-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0616", 
"ELSA-2010-0788"]}, {"type": "redhat", "idList": ["RHSA-2010:0788"]}], "modified": "2019-05-29T18:38:35", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2019-05-29T18:38:35", "rev": 2}, "vulnersScore": 6.8}, "pluginID": "136141256231067503", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_138_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67503\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2010-1624\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2010-138-01 pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.0|12\\.1|12\\.2|13\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-138-01\");\n\n script_tag(name:\"insight\", value:\"New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2010-138-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"pidgin\", ver:\"2.7.0-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += 
res;\n}\nif((res = isslkpkgvuln(pkg:\"pidgin\", ver:\"2.7.0-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"pidgin\", ver:\"2.7.0-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"pidgin\", ver:\"2.7.0-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "naslFamily": "Slackware Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:34:38", "description": "The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.", "edition": 5, "cvss3": {}, "published": "2010-05-14T19:30:00", "title": "CVE-2010-1624", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1624"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:pidgin:pidgin:2.1.1", "cpe:/a:pidgin:pidgin:2.0.0", "cpe:/a:pidgin:pidgin:2.2.0", "cpe:/a:pidgin:pidgin:2.5.9", "cpe:/a:pidgin:pidgin:2.5.2", "cpe:/a:pidgin:pidgin:2.4.1", "cpe:/a:pidgin:pidgin:2.5.7", "cpe:/a:pidgin:pidgin:2.5.1", "cpe:/a:pidgin:pidgin:2.5.4", "cpe:/a:pidgin:pidgin:*", "cpe:/a:pidgin:pidgin:2.6.6", "cpe:/a:pidgin:pidgin:2.6.4", "cpe:/a:pidgin:pidgin:2.0.2", "cpe:/a:pidgin:pidgin:2.2.2", "cpe:/a:pidgin:pidgin:2.3.1", "cpe:/a:pidgin:pidgin:2.3.0", "cpe:/a:pidgin:pidgin:2.5.8", "cpe:/a:pidgin:pidgin:2.6.5", "cpe:/a:pidgin:pidgin:2.4.2", "cpe:/a:pidgin:pidgin:2.6.1", "cpe:/a:pidgin:pidgin:2.4.0", "cpe:/a:pidgin:pidgin:2.4.3", "cpe:/a:pidgin:pidgin:2.5.3", "cpe:/a:pidgin:pidgin:2.5.5", "cpe:/a:pidgin:pidgin:2.5.6", "cpe:/a:pidgin:pidgin:2.6.0", "cpe:/a:pidgin:pidgin:2.5.0", "cpe:/a:pidgin:pidgin:2.2.1", "cpe:/a:pidgin:pidgin:2.6.2", "cpe:/a:pidgin:pidgin:2.0.1", "cpe:/a:pidgin:pidgin:2.1.0"], "id": "CVE-2010-1624", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1624", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:pidgin:pidgin:2.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.1:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.0:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.4:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.0.2:*:linux:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.2:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.0:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.3:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:*:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.5:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.2:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.3:32_bit:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.6.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:pidgin:pidgin:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:pidgin:pidgin:2.6.2:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2019-05-30T02:22:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624"], "description": "Jan Wagner uploaded a new package for pidgin which fixed the following\nsecurity problem:\n\nCVE-2010-1624[1]\n\n It was discovered that the msn_emoticon_msg function in slp.c in the MSN\n protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers\n to cause a denial of service (application crash) via a custom emoticon in a\n malformed SLP message.\n\nFor the sid distribution the problem has been fixed in\nversion 2.7.0-1.\n\nUpgrade instructions\n---------------------\n\nIf you don't use pinning (see [2]) you have to update pidgin\nmanually via "apt-get -t lenny-backports install pidgin".\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\nPackage: *\nPin: release a=lenny-backports\nPin-Priority: 200\n\n[1] http://security-tracker.debian.org/tracker/CVE-2010-1624\n[2] <http://backports.org/dokuwiki/doku.php?id=instructions>\n", "edition": 2, "modified": "2010-05-19T06:49:18", "published": "2010-05-19T06:49:18", "id": "DEBIAN:9B357C4F24A7CE88EED84043584C1A4B:5F8CE", "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201005/msg00000.html", "title": "[Backports-security-announce] Security Update for pidgin", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-1624"], "description": "Crash on MSN emoticon messages parsing.", "edition": 1, "modified": "2010-05-20T00:00:00", "published": "2010-05-20T00:00:00", "id": "SECURITYVULNS:VULN:10849", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10849", "title": "libpurple / 
Pidgin DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-1624"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:097\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pidgin\r\n Date : May 18, 2010\r\n Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A security vulnerability has been identified and fixed in pidgin:\r\n \r\n The msn_emoticon_msg function in slp.c in the MSN protocol plugin in\r\n libpurple in Pidgin before 2.7.0 allows remote attackers to cause\r\n a denial of service (application crash) via a custom emoticon in a\r\n malformed SLP message (CVE-2010-1624).\r\n \r\n Packages for 2008.0 and 2009.0 are provided due to the Extended\r\n Maintenance Program for those products.\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1624\r\n http://pidgin.im/news/security/\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 39da6e1befe7d01048d4a41b7f27c440 2008.0/i586/finch-2.6.6-0.2mdv2008.0.i586.rpm\r\n b6c7e668fad077f80cec0ca47ce311d5 2008.0/i586/libfinch0-2.6.6-0.2mdv2008.0.i586.rpm\r\n 8a783e00aa4e5d50f9cb09a626cc9802 2008.0/i586/libpurple0-2.6.6-0.2mdv2008.0.i586.rpm\r\n 563e945d4d8845d84a57b1f1ae88c37d 2008.0/i586/libpurple-devel-2.6.6-0.2mdv2008.0.i586.rpm\r\n 
ea3e4f5a11d1e32a5e7be40816eddb42 2008.0/i586/pidgin-2.6.6-0.2mdv2008.0.i586.rpm\r\n 93cdafbeef09bd1250e3800bf55da938 2008.0/i586/pidgin-bonjour-2.6.6-0.2mdv2008.0.i586.rpm\r\n 4e3c592f76f9615953c8bb90722f65ce 2008.0/i586/pidgin-client-2.6.6-0.2mdv2008.0.i586.rpm\r\n 722989e0f8f30bb4c6180b683d4f9d0c 2008.0/i586/pidgin-gevolution-2.6.6-0.2mdv2008.0.i586.rpm\r\n d906574b5763e213bef1c5069517438f 2008.0/i586/pidgin-i18n-2.6.6-0.2mdv2008.0.i586.rpm\r\n 79585f5fd8ec94a8d05bc8d5fec33ca9 2008.0/i586/pidgin-meanwhile-2.6.6-0.2mdv2008.0.i586.rpm\r\n 1d6265892c10934420f5d63aeb9cba72 2008.0/i586/pidgin-mono-2.6.6-0.2mdv2008.0.i586.rpm\r\n 65bfbd1361468a9ededb8e581700ff75 2008.0/i586/pidgin-perl-2.6.6-0.2mdv2008.0.i586.rpm\r\n 52a8a34a8e36a54d550d81d23dc45114 2008.0/i586/pidgin-plugins-2.6.6-0.2mdv2008.0.i586.rpm\r\n 7ebdb3fed50c7c6d5782a69647f0b02b 2008.0/i586/pidgin-silc-2.6.6-0.2mdv2008.0.i586.rpm\r\n fb57b2df3fad7851c27f7d45ba8cd55b 2008.0/i586/pidgin-tcl-2.6.6-0.2mdv2008.0.i586.rpm \r\n c2602fe995f1d6797ee917b57aefd69b 2008.0/SRPMS/pidgin-2.6.6-0.2mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n a9f901de732b5288e43b2f8dbd5bd4a3 2008.0/x86_64/finch-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 3ac2a66e23f84dfcc31345afbc7ec0bc 2008.0/x86_64/lib64finch0-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 6905aabab0259c448902d1e0516ccd74 2008.0/x86_64/lib64purple0-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n b3fcd66ccd6288f97eddc42ee4937f6a 2008.0/x86_64/lib64purple-devel-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 9c792a4f0be8a6c002cf5c3bb9f22a68 2008.0/x86_64/pidgin-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 18d29dc4cb350468c48de1d2c5aa56c3 2008.0/x86_64/pidgin-bonjour-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 65c45e3385cf29750e3492377cce88e3 2008.0/x86_64/pidgin-client-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 42e3de8866e0284fbcee2ff62836f042 2008.0/x86_64/pidgin-gevolution-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n bf01b1f49e99dc787ec560660659b0e9 2008.0/x86_64/pidgin-i18n-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n e7b47d0b0457df6a0551da682a61509b 
2008.0/x86_64/pidgin-meanwhile-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 583fa3d32fe5b588216f64df2eb894f4 2008.0/x86_64/pidgin-mono-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n e683cd89cbba18430856d13672452590 2008.0/x86_64/pidgin-perl-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n e3b118db7dbe101be99cf51d7f1bffd5 2008.0/x86_64/pidgin-plugins-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 3ff404b2fd6e4bffa60f888bbf926fe7 2008.0/x86_64/pidgin-silc-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 6927b061d6a8cd9ca8f5e68fa3abd0f0 2008.0/x86_64/pidgin-tcl-2.6.6-0.2mdv2008.0.x86_64.rpm \r\n c2602fe995f1d6797ee917b57aefd69b 2008.0/SRPMS/pidgin-2.6.6-0.2mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n dca4890c223b4a899bc60d07cd2f3b1f 2009.0/i586/finch-2.6.6-0.2mdv2009.0.i586.rpm\r\n 5993799e4d4c5ecf28e9fb680bc5e18b 2009.0/i586/libfinch0-2.6.6-0.2mdv2009.0.i586.rpm\r\n a998aaae71d38ca12b1a3d235a746303 2009.0/i586/libpurple0-2.6.6-0.2mdv2009.0.i586.rpm\r\n 41c017b3427fda181db7103dfcb898f5 2009.0/i586/libpurple-devel-2.6.6-0.2mdv2009.0.i586.rpm\r\n 82340e116bab6b46efdf6a7df8d00029 2009.0/i586/pidgin-2.6.6-0.2mdv2009.0.i586.rpm\r\n 62c4fc091fdb34fbcb40841504886066 2009.0/i586/pidgin-bonjour-2.6.6-0.2mdv2009.0.i586.rpm\r\n e7c2a35984511c610b3f17b0fcc0e7bd 2009.0/i586/pidgin-client-2.6.6-0.2mdv2009.0.i586.rpm\r\n 68380c1123241738749f25ab5c39f29c 2009.0/i586/pidgin-gevolution-2.6.6-0.2mdv2009.0.i586.rpm\r\n 3fce1f659f909751524b729e9c216503 2009.0/i586/pidgin-i18n-2.6.6-0.2mdv2009.0.i586.rpm\r\n 6397617b6226701144842069e0b9501d 2009.0/i586/pidgin-meanwhile-2.6.6-0.2mdv2009.0.i586.rpm\r\n a927da190e6b89c509e09d6b1bb1115e 2009.0/i586/pidgin-mono-2.6.6-0.2mdv2009.0.i586.rpm\r\n e288757cfa928a821e8d5944ede971a2 2009.0/i586/pidgin-perl-2.6.6-0.2mdv2009.0.i586.rpm\r\n 7df24771d59a928fb7c16ba47b4d103b 2009.0/i586/pidgin-plugins-2.6.6-0.2mdv2009.0.i586.rpm\r\n 7ae970b3222e6d6aa9b01c4ec7607b35 2009.0/i586/pidgin-silc-2.6.6-0.2mdv2009.0.i586.rpm\r\n bc21c776a48d4b63ebaec43cf594042b 2009.0/i586/pidgin-tcl-2.6.6-0.2mdv2009.0.i586.rpm \r\n 
c4298c8612d9d1d25a6e28f4fb967e5c 2009.0/SRPMS/pidgin-2.6.6-0.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n d4ad2b665d726bfa0874db17bbc8a6e9 2009.0/x86_64/finch-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 027b2e374fea50109b856b1eca09d211 2009.0/x86_64/lib64finch0-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 7f86f1ab8e26fbb4904d975bb42305e0 2009.0/x86_64/lib64purple0-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 0814228db5a354dba43b85c5bbe76669 2009.0/x86_64/lib64purple-devel-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 90be3db323046d707706925e57cf3d9b 2009.0/x86_64/pidgin-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 861141dc25005772647d6dabaae80871 2009.0/x86_64/pidgin-bonjour-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 07ddb74d337b844d5ad1c83347c22b26 2009.0/x86_64/pidgin-client-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n e7396ba80dec77e5592a3b28b857ccec 2009.0/x86_64/pidgin-gevolution-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 8fa26f766870280242f98341fe82b14b 2009.0/x86_64/pidgin-i18n-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 38b1706f19cfca603f7312ab9cf5eeed 2009.0/x86_64/pidgin-meanwhile-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 180468a8a07a8c2596c2e520b04374f6 2009.0/x86_64/pidgin-mono-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n f163714ff2ae70786ce72936aefff6e9 2009.0/x86_64/pidgin-perl-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n c91b167a11a619de015cf38a575ab099 2009.0/x86_64/pidgin-plugins-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n f194c4f72caa60a6ff42847838b04347 2009.0/x86_64/pidgin-silc-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 6bdc684de45ecec534b0641d29b31a89 2009.0/x86_64/pidgin-tcl-2.6.6-0.2mdv2009.0.x86_64.rpm \r\n c4298c8612d9d1d25a6e28f4fb967e5c 2009.0/SRPMS/pidgin-2.6.6-0.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 8b44a686e7efbd656a321b964da188a3 2009.1/i586/finch-2.6.6-0.2mdv2009.1.i586.rpm\r\n a159afab9de56b7ba9298f8b09cc3b05 2009.1/i586/libfinch0-2.6.6-0.2mdv2009.1.i586.rpm\r\n dc5122b41aa80525d3518f69005efff2 2009.1/i586/libpurple0-2.6.6-0.2mdv2009.1.i586.rpm\r\n 62f1513dad71c25075d481c9ab0e6bca 2009.1/i586/libpurple-devel-2.6.6-0.2mdv2009.1.i586.rpm\r\n 
95e442ae9975cc451aaf7d46b459ab66 2009.1/i586/pidgin-2.6.6-0.2mdv2009.1.i586.rpm\r\n b20a50a109468d98969a1709c7c1508d 2009.1/i586/pidgin-bonjour-2.6.6-0.2mdv2009.1.i586.rpm\r\n 5a47dc6038140aae09362015da925231 2009.1/i586/pidgin-client-2.6.6-0.2mdv2009.1.i586.rpm\r\n 6306c8b1cadf27aee63c50dbe43aa860 2009.1/i586/pidgin-gevolution-2.6.6-0.2mdv2009.1.i586.rpm\r\n 7e7470494ca40330f660948534607351 2009.1/i586/pidgin-i18n-2.6.6-0.2mdv2009.1.i586.rpm\r\n 011f21c384b5950b8b4adaa6934d0574 2009.1/i586/pidgin-meanwhile-2.6.6-0.2mdv2009.1.i586.rpm\r\n e79dd93c671378f79b96c3026a5e5b20 2009.1/i586/pidgin-mono-2.6.6-0.2mdv2009.1.i586.rpm\r\n b5f989d29078cdcf81005087230d8853 2009.1/i586/pidgin-perl-2.6.6-0.2mdv2009.1.i586.rpm\r\n b941197c6673b4401e47e4ac11f31819 2009.1/i586/pidgin-plugins-2.6.6-0.2mdv2009.1.i586.rpm\r\n 0baa84bba47d7fbaa40757c8164a3325 2009.1/i586/pidgin-silc-2.6.6-0.2mdv2009.1.i586.rpm\r\n e4ec8998516594d7483b3a8489f361e2 2009.1/i586/pidgin-tcl-2.6.6-0.2mdv2009.1.i586.rpm \r\n ec938fb1d32bfbd319a440dd50d4756d 2009.1/SRPMS/pidgin-2.6.6-0.2mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n e96180d401fbded7374386085382b5dd 2009.1/x86_64/finch-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 07bcacd71517b085a1938a734197b1d5 2009.1/x86_64/lib64finch0-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 585d582a296fcd5c30ec7387c3a46758 2009.1/x86_64/lib64purple0-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 913a6a18a5f5c6b4858eec4a496cc7fa 2009.1/x86_64/lib64purple-devel-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 644d903c67cfce65c5fe977b3f7e07cf 2009.1/x86_64/pidgin-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n d650c59e24cc5de92acb0854ee0d4464 2009.1/x86_64/pidgin-bonjour-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n a67534c66f3a2998ae743db3232a64fa 2009.1/x86_64/pidgin-client-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 481b7c8c27c037bbbf2c9b4e6c7aa800 2009.1/x86_64/pidgin-gevolution-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n b43bca4d99d534e16ba77f49c61119b8 2009.1/x86_64/pidgin-i18n-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n cc9bb6142cdec058d8d3619a47ad3e9e 
2009.1/x86_64/pidgin-meanwhile-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 8811e39b1e585bce7b98afae051db5fa 2009.1/x86_64/pidgin-mono-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 21572f6dc1a6cdd763fcde79e116030a 2009.1/x86_64/pidgin-perl-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 2378c598ebefd5c716467e67fee55916 2009.1/x86_64/pidgin-plugins-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 7d58ced43544f18390ac722e5894722f 2009.1/x86_64/pidgin-silc-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n a85b2dcfd5598b8314f2c40546c45b7e 2009.1/x86_64/pidgin-tcl-2.6.6-0.2mdv2009.1.x86_64.rpm \r\n ec938fb1d32bfbd319a440dd50d4756d 2009.1/SRPMS/pidgin-2.6.6-0.2mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 33a0a84e7eba1bd47f86fb739d6c5ebd 2010.0/i586/finch-2.6.6-0.2mdv2010.0.i586.rpm\r\n 0931dc9de8fc7a1e44e479ca20c74e61 2010.0/i586/libfinch0-2.6.6-0.2mdv2010.0.i586.rpm\r\n ac6633dc1c5eb3b33f171049c1e634eb 2010.0/i586/libpurple0-2.6.6-0.2mdv2010.0.i586.rpm\r\n f26673531049ba0d9e169208cbb87a83 2010.0/i586/libpurple-devel-2.6.6-0.2mdv2010.0.i586.rpm\r\n 84f4e6adc15b240bd27ab6a4a26a2b78 2010.0/i586/pidgin-2.6.6-0.2mdv2010.0.i586.rpm\r\n 40e984a3e8b9f48c1d5733dba820099f 2010.0/i586/pidgin-bonjour-2.6.6-0.2mdv2010.0.i586.rpm\r\n 33d16e91176165f9dd938907766fed67 2010.0/i586/pidgin-client-2.6.6-0.2mdv2010.0.i586.rpm\r\n 5e68628aa0eb64e78c3c212f7ccf930a 2010.0/i586/pidgin-gevolution-2.6.6-0.2mdv2010.0.i586.rpm\r\n 212b95dc896a5bc08688bb0c51de465a 2010.0/i586/pidgin-i18n-2.6.6-0.2mdv2010.0.i586.rpm\r\n a2c2a938d89d87066c96cf458b81ec66 2010.0/i586/pidgin-meanwhile-2.6.6-0.2mdv2010.0.i586.rpm\r\n 5fa945563aa7692fbc12d6823fd6be85 2010.0/i586/pidgin-mono-2.6.6-0.2mdv2010.0.i586.rpm\r\n 87ecb6d485340ca1c7c7a97a50be6dee 2010.0/i586/pidgin-perl-2.6.6-0.2mdv2010.0.i586.rpm\r\n 9626b616190a6b09612f26994ede0b5f 2010.0/i586/pidgin-plugins-2.6.6-0.2mdv2010.0.i586.rpm\r\n de41b0f2fef00e6af23ba88b6308d4de 2010.0/i586/pidgin-silc-2.6.6-0.2mdv2010.0.i586.rpm\r\n a95301834d173f6410bc3682f434de94 2010.0/i586/pidgin-tcl-2.6.6-0.2mdv2010.0.i586.rpm \r\n 
9a4aaa0d7ac147e37df51ae67b9d402a 2010.0/SRPMS/pidgin-2.6.6-0.2mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 807bd5068fbc7ab1ef2827c5d801749d 2010.0/x86_64/finch-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 54235086d9bf1f42e2576b424d23cc35 2010.0/x86_64/lib64finch0-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n b03b8efaa05c69ba8a67bbd961131a36 2010.0/x86_64/lib64purple0-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 18ccf44235a82eea37e80e2ca731ab70 2010.0/x86_64/lib64purple-devel-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 0f7cf6239ddb04951fb4a8ab39e6f01d 2010.0/x86_64/pidgin-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 7b0116ab307c72dfffd73ad648d9fcac 2010.0/x86_64/pidgin-bonjour-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 256edf3796a2c7085cbf6f3f58a29560 2010.0/x86_64/pidgin-client-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 1621ef71ff976dd3cf8a669a42a44067 2010.0/x86_64/pidgin-gevolution-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 14ddd62b5d78e4cbb429926125486e24 2010.0/x86_64/pidgin-i18n-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n f4b68c3333998aca9d29270d8d7fcdb4 2010.0/x86_64/pidgin-meanwhile-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 7f001bec8e12d37eaf968ea8024c5b14 2010.0/x86_64/pidgin-mono-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n cba4f697fe9687e15c4f2f7bbfddf7a3 2010.0/x86_64/pidgin-perl-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 70f505ca311872675cab10c2edcf575a 2010.0/x86_64/pidgin-plugins-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n e198ea841ab93f3afc6a12cd8feadbe4 2010.0/x86_64/pidgin-silc-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 10aa3695605c44ba245532d5abbc41ad 2010.0/x86_64/pidgin-tcl-2.6.6-0.2mdv2010.0.x86_64.rpm \r\n 9a4aaa0d7ac147e37df51ae67b9d402a 2010.0/SRPMS/pidgin-2.6.6-0.2mdv2010.0.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 13dda080ae598772a13ea683d079d015 mes5/i586/finch-2.6.6-0.2mdvmes5.1.i586.rpm\r\n bf2d3618907b7b6302eb59f348966e5d mes5/i586/libfinch0-2.6.6-0.2mdvmes5.1.i586.rpm\r\n af42d46fc20250d87d6cfde3b363eb33 mes5/i586/libpurple0-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 24011318154b8b62cd35d9b4bd14a84b mes5/i586/libpurple-devel-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 
bd6fec13ee349519e99930d337761208 mes5/i586/pidgin-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 8172f83ada1201acb488258830ed6cfc mes5/i586/pidgin-bonjour-2.6.6-0.2mdvmes5.1.i586.rpm\r\n e73a9f04ba0727e30c90716827c5f5b1 mes5/i586/pidgin-client-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 8d9c07fe4ab3931ab2040c5a0bf3293e mes5/i586/pidgin-gevolution-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 37c80784ac3f42d9c6a8ae91c69c1eca mes5/i586/pidgin-i18n-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 7ec1cd07032a001276777e49265d68cb mes5/i586/pidgin-meanwhile-2.6.6-0.2mdvmes5.1.i586.rpm\r\n c4f74368df8e12b41f65a8abc6961f38 mes5/i586/pidgin-mono-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 72fdd07d1756aad281fa48b48417ec52 mes5/i586/pidgin-perl-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 58974dc2cffc8361b7644b170feb16ca mes5/i586/pidgin-plugins-2.6.6-0.2mdvmes5.1.i586.rpm\r\n dc22560cf4c279a69e610ddb1dab4107 mes5/i586/pidgin-silc-2.6.6-0.2mdvmes5.1.i586.rpm\r\n e1f787fcc327bef63a070756c333eff8 mes5/i586/pidgin-tcl-2.6.6-0.2mdvmes5.1.i586.rpm \r\n 9bf03f46569aeaf34845efb22c2d9142 mes5/SRPMS/pidgin-2.6.6-0.2mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n fc9c1743282a44371606bcc6f8a140b3 mes5/x86_64/finch-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 12b30fa1d0891dc6f99cb1cd38657624 mes5/x86_64/lib64finch0-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n bf848bc1b0f1de79901e2bac353239ef mes5/x86_64/lib64purple0-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 007056059c45e53eb981df2ad0fce3d9 mes5/x86_64/lib64purple-devel-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n fd343d238369ff74f4106fabd2517bb7 mes5/x86_64/pidgin-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 83e43c6edadaab559a53aaa9c182b022 mes5/x86_64/pidgin-bonjour-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 0031769806e429d156a47fdd3a15bb4a mes5/x86_64/pidgin-client-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n d322e772b3687c9a26cbb3d1350cac7f mes5/x86_64/pidgin-gevolution-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n be5957fbd2183ba2500968993abdf257 mes5/x86_64/pidgin-i18n-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 361a2e28134b872782d50db4d3f0a1b7 
mes5/x86_64/pidgin-meanwhile-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n de494ae11a5e7b1330206750a4c03cc8 mes5/x86_64/pidgin-mono-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 8ed6ff0ea253660ee7739c135d44d072 mes5/x86_64/pidgin-perl-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 30ab1f70aecff8cde722f64c38f9ebc1 mes5/x86_64/pidgin-plugins-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n c474ebab7d34c8876f0d12bf3650a68d mes5/x86_64/pidgin-silc-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n e557ac7501a2988206d7d38dd55fafe0 mes5/x86_64/pidgin-tcl-2.6.6-0.2mdvmes5.1.x86_64.rpm \r\n 9bf03f46569aeaf34845efb22c2d9142 mes5/SRPMS/pidgin-2.6.6-0.2mdvmes5.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFL8m1GmqjQ0CJFipgRAsSGAJoCz5GC0UIm6eNi+4P+8cnjmTQwBgCdHkId\r\no5UhPOXhuo9Ak9vMoxa1ERA=\r\n=bG3/\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-05-20T00:00:00", "published": "2010-05-20T00:00:00", "id": "SECURITYVULNS:DOC:23888", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23888", "title": "[ MDVSA-2010:097 ] pidgin", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], 
"slackware": [{"lastseen": "2020-10-25T16:36:19", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624"], "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/pidgin-2.7.0-i486-1_slack13.0.txz: Upgraded.\n Upgraded to pidgin-2.7.0 and pidgin-encryption-3.1.\n The msn_emoticon_msg function in slp.c in the MSN protocol plugin in\n libpurple in Pidgin before 2.7.0 allows remote attackers to cause\n a denial of service (application crash) via a custom emoticon in a\n malformed SLP message.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1624\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.7.0-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.7.0-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.7.0-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/pidgin-2.7.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/pidgin-2.7.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.7.0-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.7.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nb988b50b9eacdb945e23f87d727cd9ea pidgin-2.7.0-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n18d32120919d0042d370813ab90a7d1d pidgin-2.7.0-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nd3686755cf78d1f1b1c0e61663325c5f pidgin-2.7.0-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n80002e97f1979c926b2a5c72ef7e4847 pidgin-2.7.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n03ac23f92b3884911718a9e4fce8d3b3 pidgin-2.7.0-x86_64-1_slack13.0.txz\n\nSlackware -current package:\n2573c594996ef632e013a0ffcb95fe75 pidgin-2.7.0-i486-1.txz\n\nSlackware x86_64 -current package:\nb65ac72c257d0fa7b82728030a79bb36 pidgin-2.7.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.7.0-i486-1_slack13.0.txz", "modified": "2010-05-18T23:13:01", "published": 
"2010-05-18T23:13:01", "id": "SSA-2010-138-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.441227", "type": "slackware", "title": "[slackware-security] pidgin", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2010-05-24T19:42:19", "published": "2010-05-24T19:42:19", "id": "FEDORA:34A2D110F65", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: pidgin-2.7.0-2.fc13", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-2528"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. 
", "modified": "2010-07-27T02:36:28", "published": "2010-07-27T02:36:28", "id": "FEDORA:61D4510FCAD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: pidgin-2.7.2-1.fc13", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-2528", "CVE-2010-3711"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2010-11-01T21:00:14", "published": "2010-11-01T21:00:14", "id": "FEDORA:803A5111130", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: pidgin-2.7.4-1.fc13", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-2528", "CVE-2010-3711"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. 
", "modified": "2011-01-07T20:01:11", "published": "2011-01-07T20:01:11", "id": "FEDORA:518CC110C68", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: pidgin-2.7.9-1.fc13", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-2528", "CVE-2010-3711", "CVE-2011-1091"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2011-03-20T21:25:51", "published": "2011-03-20T21:25:51", "id": "FEDORA:DF9FC110C29", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: pidgin-2.7.11-1.fc13", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0013", "CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423", "CVE-2010-1624"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. 
Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2010-05-24T19:48:53", "published": "2010-05-24T19:48:53", "id": "FEDORA:57837110FDA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: pidgin-2.7.0-2.fc12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0013", "CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423", "CVE-2010-1624", "CVE-2010-2528"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2010-07-30T08:34:46", "published": "2010-07-30T08:34:46", "id": "FEDORA:E2504110F93", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: pidgin-2.7.2-1.fc12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0013", "CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423", "CVE-2010-1624", "CVE-2010-2528", "CVE-2010-3711"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. 
Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. ", "modified": "2010-11-10T21:44:25", "published": "2010-11-10T21:44:25", "id": "FEDORA:8AF73111A2E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: pidgin-2.7.5-1.fc12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2694", "CVE-2009-2703", "CVE-2009-3083", "CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3615", "CVE-2010-0013", "CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423", "CVE-2010-1624"], "description": "Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Pidgin supports many common features of other clients, as well as many unique features, such as perl scripting, TCL scripting and C plugins. Pidgin is not affiliated with or endorsed by America Online, Inc., Microsoft Corporation, Yahoo! Inc., or ICQ Inc. 
", "modified": "2010-05-24T19:40:10", "published": "2010-05-24T19:40:10", "id": "FEDORA:DCDD0111181", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: pidgin-2.7.0-2.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-12T11:10:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624"], "description": "Check for the Version of pidgin", "modified": "2017-12-12T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:831051", "href": "http://plugins.openvas.org/nasl.php?oid=831051", "type": "openvas", "title": "Mandriva Update for pidgin MDVSA-2010:097 (pidgin)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for pidgin MDVSA-2010:097 (pidgin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A security vulnerability has been identified and fixed in pidgin:\n\n The msn_emoticon_msg function in slp.c in the MSN protocol plugin in\n libpurple in Pidgin before 2.7.0 allows remote attackers to cause\n a denial of service (application crash) via a custom emoticon in a\n malformed SLP message (CVE-2010-1624).\n \n Packages for 2008.0 and 2009.0 are provided due to the Extended\n Maintenance Program for those products.\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-05/msg00019.php\");\n script_id(831051);\n script_version(\"$Revision: 8082 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-12 07:31:24 +0100 (Tue, 12 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:097\");\n script_cve_id(\"CVE-2010-1624\");\n script_name(\"Mandriva Update for pidgin MDVSA-2010:097 (pidgin)\");\n\n script_tag(name: 
\"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", 
rpm:\"finch~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", 
rpm:\"pidgin-plugins~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.2mdv2010.0\", 
rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2010-138-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:67503", "href": "http://plugins.openvas.org/nasl.php?oid=67503", "type": "openvas", "title": "Slackware Advisory SSA:2010-138-01 pidgin ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2010_138_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2010-138-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2010-138-01\";\n \nif(description)\n{\n script_id(67503);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2010-1624\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2010-138-01 pidgin \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.7.0-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.7.0-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.7.0-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"pidgin\", ver:\"2.7.0-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624"], "description": "Check for the Version of pidgin", "modified": "2017-12-21T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:1361412562310831051", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831051", "type": "openvas", "title": "Mandriva Update for pidgin MDVSA-2010:097 (pidgin)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for pidgin MDVSA-2010:097 (pidgin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the 
terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A security vulnerability has been identified and fixed in pidgin:\n\n The msn_emoticon_msg function in slp.c in the MSN protocol plugin in\n libpurple in Pidgin before 2.7.0 allows remote attackers to cause\n a denial of service (application crash) via a custom emoticon in a\n malformed SLP message (CVE-2010-1624).\n \n Packages for 2008.0 and 2009.0 are provided due to the Extended\n Maintenance Program for those products.\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-05/msg00019.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831051\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 
+0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:097\");\n script_cve_id(\"CVE-2010-1624\");\n script_name(\"Mandriva Update for pidgin MDVSA-2010:097 (pidgin)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.2mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.2mdv2010.0\", 
rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", 
rpm:\"lib64finch0~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.2mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.2mdv2009.1\", 
rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.2mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-mono\", rpm:\"pidgin-mono~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.6.6~0.2mdv2009.0\", 
rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.6.6~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-08T12:53:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1014-1", "modified": "2018-01-05T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310840530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840530", "type": "openvas", "title": "Ubuntu Update for pidgin vulnerabilities USN-1014-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1014_1.nasl 8296 2018-01-05 07:28:01Z teissa $\n#\n# Ubuntu Update for pidgin vulnerabilities USN-1014-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the 
hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pierre Noguès discovered that Pidgin incorrectly handled malformed SLP\n messages in the MSN protocol handler. A remote attacker could send a\n specially crafted message and cause Pidgin to crash, leading to a denial\n of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS.\n (CVE-2010-1624)\n\n Daniel Atallah discovered that Pidgin incorrectly handled the return code\n of the Base64 decoding function. A remote attacker could send a specially\n crafted message and cause Pidgin to crash, leading to a denial of service.\n (CVE-2010-3711)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1014-1\";\ntag_affected = \"pidgin vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1014-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840530\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1014-1\");\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n 
script_name(\"Ubuntu Update for pidgin vulnerabilities USN-1014-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-data\", 
ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gaim\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:11:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "description": "Check for the Version of pidgin", "modified": "2017-12-12T00:00:00", "published": "2010-10-22T00:00:00", "id": "OPENVAS:870342", "href": "http://plugins.openvas.org/nasl.php?oid=870342", "type": "openvas", "title": "RedHat Update for pidgin RHSA-2010:0788-01", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pidgin RHSA-2010:0788-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n Multiple NULL pointer dereference flaws were found in the way Pidgin\n handled Base64 decoding. A remote attacker could use these flaws to crash\n Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol,\n MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol\n plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for\n authentication. (CVE-2010-3711)\n \n A NULL pointer dereference flaw was found in the way the Pidgin MSN\n protocol plug-in processed custom emoticon messages. A remote attacker\n could use this flaw to crash Pidgin by sending specially-crafted emoticon\n messages during mutual communication. 
(CVE-2010-1624)\n \n Red Hat would like to thank the Pidgin project for reporting these issues.\n Upstream acknowledges Daniel Atallah as the original reporter of\n CVE-2010-3711, and Pierre Nogus of Meta Security as the original reporter\n of CVE-2010-1624.\n \n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Pidgin must be restarted for\n this update to take effect.\";\n\ntag_affected = \"pidgin on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00027.html\");\n script_id(870342);\n script_version(\"$Revision: 8082 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-12 07:31:24 +0100 (Tue, 12 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0788-01\");\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n script_name(\"RedHat Update for pidgin RHSA-2010:0788-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-debuginfo\", rpm:\"pidgin-debuginfo~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:35", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "description": "Ubuntu Update for pidgin vulnerabilities USN-1014-1", "modified": "2017-12-01T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:840530", "href": "http://plugins.openvas.org/nasl.php?oid=840530", "type": "openvas", "title": "Ubuntu Update for pidgin vulnerabilities USN-1014-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1014_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for pidgin vulnerabilities USN-1014-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pierre Noguès discovered that Pidgin incorrectly handled malformed SLP\n messages in the MSN protocol handler. A remote attacker could send a\n specially crafted message and cause Pidgin to crash, leading to a denial\n of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS.\n (CVE-2010-1624)\n\n Daniel Atallah discovered that Pidgin incorrectly handled the return code\n of the Base64 decoding function. 
A remote attacker could send a specially\n crafted message and cause Pidgin to crash, leading to a denial of service.\n (CVE-2010-3711)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1014-1\";\ntag_affected = \"pidgin vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1014-1/\");\n script_id(840530);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1014-1\");\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n script_name(\"Ubuntu Update for pidgin vulnerabilities USN-1014-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.6.2-1ubuntu7.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"finch-dev\", 
ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-data\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.6.6-1ubuntu4.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dbg\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"finch-dev\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-bin\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple-dev\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-data\", 
ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin-dev\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gaim\", ver:\"2.4.1-1ubuntu2.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "description": "Check for the Version of pidgin", "modified": "2017-12-21T00:00:00", "published": "2010-10-22T00:00:00", "id": "OPENVAS:1361412562310870342", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870342", "type": "openvas", "title": "RedHat Update for pidgin RHSA-2010:0788-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pidgin RHSA-2010:0788-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n Multiple NULL pointer dereference flaws were found in the way Pidgin\n handled Base64 decoding. A remote attacker could use these flaws to crash\n Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol,\n MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol\n plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for\n authentication. (CVE-2010-3711)\n \n A NULL pointer dereference flaw was found in the way the Pidgin MSN\n protocol plug-in processed custom emoticon messages. A remote attacker\n could use this flaw to crash Pidgin by sending specially-crafted emoticon\n messages during mutual communication. (CVE-2010-1624)\n \n Red Hat would like to thank the Pidgin project for reporting these issues.\n Upstream acknowledges Daniel Atallah as the original reporter of\n CVE-2010-3711, and Pierre Nogus of Meta Security as the original reporter\n of CVE-2010-1624.\n \n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\n\ntag_affected = \"pidgin on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00027.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870342\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-22 16:42:09 +0200 (Fri, 22 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0788-01\");\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n script_name(\"RedHat Update for pidgin RHSA-2010:0788-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-debuginfo\", rpm:\"pidgin-debuginfo~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~5.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-2528"], "description": "Check for the Version of pidgin", "modified": "2017-12-21T00:00:00", "published": "2010-07-30T00:00:00", "id": "OPENVAS:862282", "href": "http://plugins.openvas.org/nasl.php?oid=862282", "type": "openvas", "title": "Fedora Update for pidgin FEDORA-2010-11321", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2010-11321\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! 
Inc., or ICQ Inc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044518.html\");\n script_id(862282);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-30 15:25:34 +0200 (Fri, 30 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11321\");\n script_cve_id(\"CVE-2010-2528\", \"CVE-2010-1624\");\n script_name(\"Fedora Update for pidgin FEDORA-2010-11321\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.7.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:28", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "description": "The remote host is missing an update for the 'finch' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880618", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880618", "type": "openvas", "title": "CentOS Update for finch CESA-2010:0788 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2010:0788 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-October/017101.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880618\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0788\");\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n script_name(\"CentOS Update for finch CESA-2010:0788 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'finch'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"finch on CentOS 5\");\n script_tag(name:\"insight\", value:\"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n Multiple NULL pointer dereference flaws were found in the way Pidgin\n handled Base64 decoding. A remote attacker could use these flaws to crash\n Pidgin if the target Pidgin user was using the Yahoo! 
Messenger Protocol,\n MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol\n plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for\n authentication. (CVE-2010-3711)\n\n A NULL pointer dereference flaw was found in the way the Pidgin MSN\n protocol plug-in processed custom emoticon messages. A remote attacker\n could use this flaw to crash Pidgin by sending specially-crafted emoticon\n messages during mutual communication. (CVE-2010-1624)\n\n Red Hat would like to thank the Pidgin project for reporting these issues.\n Upstream acknowledges Daniel Atallah as the original reporter of\n CVE-2010-3711, and Pierre Nogus of Meta Security as the original reporter\n of CVE-2010-1624.\n\n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Pidgin must be restarted for\n this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~5.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~5.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~5.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~5.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~5.el5_5\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~5.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~5.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~5.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~5.el5_5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-19T15:05:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "description": "Check for the Version of finch", "modified": "2018-01-19T00:00:00", "published": "2010-11-04T00:00:00", "id": "OPENVAS:1361412562310880447", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880447", "type": "openvas", "title": "CentOS Update for finch CESA-2010:0788 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2010:0788 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n Multiple NULL pointer dereference flaws were found in the way Pidgin\n handled Base64 decoding. A remote attacker could use these flaws to crash\n Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol,\n MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol\n plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for\n authentication. (CVE-2010-3711)\n\n A NULL pointer dereference flaw was found in the way the Pidgin MSN\n protocol plug-in processed custom emoticon messages. A remote attacker\n could use this flaw to crash Pidgin by sending specially-crafted emoticon\n messages during mutual communication. (CVE-2010-1624)\n\n Red Hat would like to thank the Pidgin project for reporting these issues.\n Upstream acknowledges Daniel Atallah as the original reporter of\n CVE-2010-3711, and Pierre Nogus of Meta Security as the original reporter\n of CVE-2010-1624.\n\n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"finch on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017117.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880447\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-04 12:09:38 +0100 (Thu, 04 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0788\");\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n script_name(\"CentOS Update for finch CESA-2010:0788 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~5.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~5.el4\", rls:\"CentOS4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~5.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~5.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~5.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~5.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~5.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~5.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~5.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T11:52:41", "description": "A security vulnerability has been identified and fixed in pidgin :\n\nThe msn_emoticon_msg function in slp.c in the MSN protocol plugin in\nlibpurple in Pidgin before 2.7.0 allows remote attackers to cause a\ndenial of service (application crash) via a custom emoticon in a\nmalformed SLP message (CVE-2010-1624).\n\nPackages for 2008.0 and 2009.0 are provided due to the Extended\nMaintenance Program for those products.\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2010-05-19T00:00:00", "title": "Mandriva Linux Security Advisory : pidgin (MDVSA-2010:097)", "type": "nessus", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624"], "modified": "2010-05-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:pidgin-bonjour", "p-cpe:/a:mandriva:linux:lib64finch0", "p-cpe:/a:mandriva:linux:lib64purple0", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:pidgin-tcl", "p-cpe:/a:mandriva:linux:lib64purple-devel", "p-cpe:/a:mandriva:linux:pidgin-mono", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:pidgin-plugins", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:libpurple0", "p-cpe:/a:mandriva:linux:pidgin", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:pidgin-client", "p-cpe:/a:mandriva:linux:libfinch0", "p-cpe:/a:mandriva:linux:pidgin-gevolution", "p-cpe:/a:mandriva:linux:finch", "p-cpe:/a:mandriva:linux:pidgin-perl", "p-cpe:/a:mandriva:linux:pidgin-silc", "p-cpe:/a:mandriva:linux:pidgin-meanwhile", "p-cpe:/a:mandriva:linux:libpurple-devel", "p-cpe:/a:mandriva:linux:pidgin-i18n"], "id": "MANDRIVA_MDVSA-2010-097.NASL", "href": "https://www.tenable.com/plugins/nessus/46663", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:097. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46663);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1624\");\n script_bugtraq_id(40138);\n script_xref(name:\"MDVSA\", value:\"2010:097\");\n\n script_name(english:\"Mandriva Linux Security Advisory : pidgin (MDVSA-2010:097)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security vulnerability has been identified and fixed in pidgin :\n\nThe msn_emoticon_msg function in slp.c in the MSN protocol plugin in\nlibpurple in Pidgin before 2.7.0 allows remote attackers to cause a\ndenial of service (application crash) via a custom emoticon in a\nmalformed SLP message (CVE-2010-1624).\n\nPackages for 2008.0 and 2009.0 are provided due to the Extended\nMaintenance Program for those products.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:finch\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64finch0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64purple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64purple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfinch0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpurple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-bonjour\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-gevolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-silc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2010/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"finch-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64finch0-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64purple0-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libfinch0-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpurple0-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", 
reference:\"pidgin-bonjour-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-client-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-gevolution-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-i18n-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-meanwhile-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-mono-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-perl-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-plugins-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-silc-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"pidgin-tcl-2.6.6-0.2mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"finch-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64finch0-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64purple0-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfinch0-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpurple0-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2009.0\", reference:\"pidgin-bonjour-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-client-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-gevolution-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-i18n-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-meanwhile-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-mono-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-perl-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-plugins-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-silc-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-tcl-2.6.6-0.2mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"finch-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64finch0-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64purple0-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libfinch0-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libpurple0-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", 
reference:\"pidgin-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-bonjour-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-client-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-gevolution-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-i18n-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-meanwhile-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-mono-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-perl-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-plugins-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-silc-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"pidgin-tcl-2.6.6-0.2mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"finch-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64finch0-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"x86_64\", reference:\"lib64purple0-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libfinch0-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", cpu:\"i386\", reference:\"libpurple0-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2010.0\", reference:\"pidgin-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-bonjour-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-client-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-gevolution-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-i18n-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-meanwhile-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-mono-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-perl-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-plugins-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-silc-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"pidgin-tcl-2.6.6-0.2mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:08:53", "description": "2.7.0 with new features, bug fixes and a security fix for\nCVE-2010-1624 Full Upstream ChangeLog: *\nhttp://developer.pidgin.im/wiki/ChangeLog Fedora packaging changes: *\nUse System SSL Certificates * Add additional dependencies for Voice +\nVideo\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-07-01T00:00:00", "title": "Fedora 13 : pidgin-2.7.0-2.fc13 (2010-8503)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624"], "modified": "2010-07-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:pidgin"], "id": "FEDORA_2010-8503.NASL", "href": "https://www.tenable.com/plugins/nessus/47494", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-8503.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47494);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-1624\");\n script_bugtraq_id(40138);\n script_xref(name:\"FEDORA\", value:\"2010-8503\");\n\n script_name(english:\"Fedora 13 : pidgin-2.7.0-2.fc13 (2010-8503)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"2.7.0 with new features, bug fixes and a security fix for\nCVE-2010-1624 Full Upstream ChangeLog: *\nhttp://developer.pidgin.im/wiki/ChangeLog Fedora packaging changes: *\nUse System SSL Certificates * Add additional dependencies for Voice +\nVideo\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://developer.pidgin.im/wiki/ChangeLog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.pidgin.im/wiki/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=589973\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041812.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa15375f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"pidgin-2.7.0-2.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T09:10:33", "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, and -current to fix a security issue.", "edition": 23, "published": "2010-05-19T00:00:00", "title": "Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2010-138-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624"], "modified": "2010-05-19T00:00:00", "cpe": 
["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:pidgin", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2010-138-01.NASL", "href": "https://www.tenable.com/plugins/nessus/46358", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2010-138-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46358);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1624\");\n script_bugtraq_id(40138);\n script_xref(name:\"SSA\", value:\"2010-138-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2010-138-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New pidgin packages are available for Slackware 12.0, 12.1, 12.2,\n13.0, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.441227\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?87cdd707\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"pidgin\", pkgver:\"2.7.0\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", 
pkgname:\"pidgin\", pkgver:\"2.7.0\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"pidgin\", pkgver:\"2.7.0\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"pidgin\", pkgver:\"2.7.0\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.7.0\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"pidgin\", pkgver:\"2.7.0\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"pidgin\", pkgver:\"2.7.0\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:08:23", "description": "Updated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to\ncrash Pidgin if the target Pidgin user was using the Yahoo! Messenger\nProtocol, MSN, MySpace, or Extensible Messaging and Presence Protocol\n(XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM)\nprotocol for authentication. 
(CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially crafted\nemoticon messages during mutual communication. (CVE-2010-1624)\n\nRed Hat would like to thank the Pidgin project for reporting these\nissues. Upstream acknowledges Daniel Atallah as the original reporter\nof CVE-2010-3711, and Pierre Nogues of Meta Security as the original\nreporter of CVE-2010-1624.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "edition": 27, "published": "2010-10-22T00:00:00", "title": "RHEL 4 / 5 : pidgin (RHSA-2010:0788)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "modified": "2010-10-22T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:pidgin-perl", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:libpurple", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:libpurple-perl", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:pidgin-devel", "p-cpe:/a:redhat:enterprise_linux:pidgin", "p-cpe:/a:redhat:enterprise_linux:finch-devel", "p-cpe:/a:redhat:enterprise_linux:libpurple-devel", "p-cpe:/a:redhat:enterprise_linux:finch", "p-cpe:/a:redhat:enterprise_linux:libpurple-tcl"], "id": "REDHAT-RHSA-2010-0788.NASL", "href": "https://www.tenable.com/plugins/nessus/50297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0788. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50297);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n script_bugtraq_id(40138, 44283);\n script_xref(name:\"RHSA\", value:\"2010:0788\");\n\n script_name(english:\"RHEL 4 / 5 : pidgin (RHSA-2010:0788)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to\ncrash Pidgin if the target Pidgin user was using the Yahoo! Messenger\nProtocol, MSN, MySpace, or Extensible Messaging and Presence Protocol\n(XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM)\nprotocol for authentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially crafted\nemoticon messages during mutual communication. 
(CVE-2010-1624)\n\nRed Hat would like to thank the Pidgin project for reporting these\nissues. Upstream acknowledges Daniel Atallah as the original reporter\nof CVE-2010-3711, and Pierre Nogues of Meta Security as the original\nreporter of CVE-2010-1624.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0788\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0788\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"finch-devel-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"finch-devel-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"libpurple-perl-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", 
reference:\"libpurple-tcl-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-devel-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-devel-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"pidgin-perl-2.6.6-5.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.6-5.el4_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"finch-devel-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"finch-devel-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-perl-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-5.el5_5\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-devel-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-devel-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"pidgin-perl-2.6.6-5.el5_5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.6-5.el5_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:08:53", "description": "2.7.0 with new features, bug fixes and a security fix for\nCVE-2010-1624 Full Upstream ChangeLog: *\nhttp://developer.pidgin.im/wiki/ChangeLog Fedora packaging changes: *\nUse System SSL Certificates * Add additional dependencies for Voice +\nVideo\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2010-07-01T00:00:00", "title": "Fedora 12 : pidgin-2.7.0-2.fc12 (2010-8524)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-0013"], "modified": "2010-07-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:pidgin"], "id": "FEDORA_2010-8524.NASL", "href": "https://www.tenable.com/plugins/nessus/47496", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-8524.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47496);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0013\", \"CVE-2010-1624\");\n script_bugtraq_id(37524, 38294, 40138);\n script_xref(name:\"FEDORA\", value:\"2010-8524\");\n\n script_name(english:\"Fedora 12 : pidgin-2.7.0-2.fc12 (2010-8524)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"2.7.0 with new features, bug fixes and a security fix for\nCVE-2010-1624 Full Upstream ChangeLog: *\nhttp://developer.pidgin.im/wiki/ChangeLog Fedora packaging changes: *\nUse System SSL Certificates * Add additional dependencies for Voice +\nVideo\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://developer.pidgin.im/wiki/ChangeLog\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.pidgin.im/wiki/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=589973\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-May/041846.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af055530\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"pidgin-2.7.0-2.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T12:45:26", "description": "From Red Hat Security Advisory 2010:0788 :\n\nUpdated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to\ncrash Pidgin if the target Pidgin user was using the Yahoo! Messenger\nProtocol, MSN, MySpace, or Extensible Messaging and Presence Protocol\n(XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM)\nprotocol for authentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially crafted\nemoticon messages during mutual communication. (CVE-2010-1624)\n\nRed Hat would like to thank the Pidgin project for reporting these\nissues. Upstream acknowledges Daniel Atallah as the original reporter\nof CVE-2010-3711, and Pierre Nogues of Meta Security as the original\nreporter of CVE-2010-1624.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
Pidgin must be\nrestarted for this update to take effect.", "edition": 24, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : pidgin (ELSA-2010-0788)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:pidgin", "p-cpe:/a:oracle:linux:libpurple-devel", "p-cpe:/a:oracle:linux:finch", "p-cpe:/a:oracle:linux:pidgin-perl", "p-cpe:/a:oracle:linux:libpurple", "p-cpe:/a:oracle:linux:libpurple-tcl", "p-cpe:/a:oracle:linux:finch-devel", "p-cpe:/a:oracle:linux:libpurple-perl", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:pidgin-devel"], "id": "ORACLELINUX_ELSA-2010-0788.NASL", "href": "https://www.tenable.com/plugins/nessus/68124", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2010:0788 and \n# Oracle Linux Security Advisory ELSA-2010-0788 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68124);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n script_bugtraq_id(40138, 44283);\n script_xref(name:\"RHSA\", value:\"2010:0788\");\n\n script_name(english:\"Oracle Linux 4 : pidgin (ELSA-2010-0788)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2010:0788 :\n\nUpdated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security 
impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to\ncrash Pidgin if the target Pidgin user was using the Yahoo! Messenger\nProtocol, MSN, MySpace, or Extensible Messaging and Presence Protocol\n(XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM)\nprotocol for authentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially crafted\nemoticon messages during mutual communication. (CVE-2010-1624)\n\nRed Hat would like to thank the Pidgin project for reporting these\nissues. Upstream acknowledges Daniel Atallah as the original reporter\nof CVE-2010-3711, and Pierre Nogues of Meta Security as the original\nreporter of CVE-2010-1624.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
Pidgin must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2010-October/001704.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"finch-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"finch-devel-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-devel-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-perl-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"libpurple-tcl-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-2.6.6-5.el4_8\")) 
flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-devel-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"pidgin-perl-2.6.6-5.el4_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:26:43", "description": "Updated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to\ncrash Pidgin if the target Pidgin user was using the Yahoo! Messenger\nProtocol, MSN, MySpace, or Extensible Messaging and Presence Protocol\n(XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM)\nprotocol for authentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially crafted\nemoticon messages during mutual communication. (CVE-2010-1624)\n\nRed Hat would like to thank the Pidgin project for reporting these\nissues. 
Upstream acknowledges Daniel Atallah as the original reporter\nof CVE-2010-3711, and Pierre Nogues of Meta Security as the original\nreporter of CVE-2010-1624.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "edition": 26, "published": "2010-11-24T00:00:00", "title": "CentOS 4 / 5 : pidgin (CESA-2010:0788)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "modified": "2010-11-24T00:00:00", "cpe": ["p-cpe:/a:centos:centos:libpurple-tcl", "p-cpe:/a:centos:centos:pidgin-perl", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:finch-devel", "p-cpe:/a:centos:centos:libpurple-devel", "p-cpe:/a:centos:centos:libpurple", "p-cpe:/a:centos:centos:pidgin", "p-cpe:/a:centos:centos:finch", "p-cpe:/a:centos:centos:pidgin-devel", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:libpurple-perl"], "id": "CENTOS_RHSA-2010-0788.NASL", "href": "https://www.tenable.com/plugins/nessus/50796", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0788 and \n# CentOS Errata and Security Advisory 2010:0788 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50796);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n script_bugtraq_id(40138, 44283);\n script_xref(name:\"RHSA\", value:\"2010:0788\");\n\n script_name(english:\"CentOS 4 / 5 : pidgin (CESA-2010:0788)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to\ncrash Pidgin if the target Pidgin user was using the Yahoo! Messenger\nProtocol, MSN, MySpace, or Extensible Messaging and Presence Protocol\n(XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM)\nprotocol for authentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially crafted\nemoticon messages during mutual communication. (CVE-2010-1624)\n\nRed Hat would like to thank the Pidgin project for reporting these\nissues. Upstream acknowledges Daniel Atallah as the original reporter\nof CVE-2010-3711, and Pierre Nogues of Meta Security as the original\nreporter of CVE-2010-1624.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
Pidgin must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017101.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f071f03b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017102.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc026e12\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017117.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0bfd5b4f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2010-October/017118.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?962223c8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"finch-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"finch-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"finch-devel-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"finch-devel-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-devel-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-perl-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-perl-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"libpurple-tcl-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"pidgin-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-devel-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", 
reference:\"pidgin-devel-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"pidgin-perl-2.6.6-5.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"pidgin-perl-2.6.6-5.el4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-devel-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-devel-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-perl-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-tcl-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-devel-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-perl-2.6.6-5.el5_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T06:34:04", "description": "Pierre Nogues discovered that Pidgin incorrectly handled malformed\nSLP messages in the MSN protocol handler. A remote attacker could send\na specially crafted message and cause Pidgin to crash, leading to a\ndenial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and\n10.04 LTS. (CVE-2010-1624)\n\nDaniel Atallah discovered that Pidgin incorrectly handled the return\ncode of the Base64 decoding function. 
A remote attacker could send a\nspecially crafted message and cause Pidgin to crash, leading to a\ndenial of service. (CVE-2010-3711).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-11-05T00:00:00", "title": "Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pidgin vulnerabilities (USN-1014-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libpurple0", "p-cpe:/a:canonical:ubuntu_linux:pidgin-dev", "p-cpe:/a:canonical:ubuntu_linux:pidgin-data", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:finch", "p-cpe:/a:canonical:ubuntu_linux:libpurple-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:finch-dev", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:gaim", "p-cpe:/a:canonical:ubuntu_linux:libpurple-bin", "p-cpe:/a:canonical:ubuntu_linux:pidgin-dbg", "p-cpe:/a:canonical:ubuntu_linux:pidgin"], "id": "UBUNTU_USN-1014-1.NASL", "href": "https://www.tenable.com/plugins/nessus/50492", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1014-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50492);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n script_bugtraq_id(40138, 44283);\n script_xref(name:\"USN\", value:\"1014-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pidgin vulnerabilities (USN-1014-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Pierre Nogues discovered that Pidgin incorrectly handled malformed\nSLP messages in the MSN protocol handler. A remote attacker could send\na specially crafted message and cause Pidgin to crash, leading to a\ndenial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and\n10.04 LTS. (CVE-2010-1624)\n\nDaniel Atallah discovered that Pidgin incorrectly handled the return\ncode of the Base64 decoding function. A remote attacker could send a\nspecially crafted message and cause Pidgin to crash, leading to a\ndenial of service. (CVE-2010-3711).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1014-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:finch-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"finch\", pkgver:\"2.4.1-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"finch-dev\", pkgver:\"2.4.1-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gaim\", pkgver:\"2.4.1-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple-bin\", pkgver:\"2.4.1-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple-dev\", pkgver:\"2.4.1-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple0\", pkgver:\"2.4.1-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin\", pkgver:\"1:2.4.1-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-data\", pkgver:\"2.4.1-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-dbg\", pkgver:\"2.4.1-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-dev\", pkgver:\"2.4.1-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"finch\", pkgver:\"2.6.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"finch-dev\", pkgver:\"2.6.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpurple-bin\", pkgver:\"2.6.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpurple-dev\", pkgver:\"2.6.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpurple0\", pkgver:\"2.6.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin\", pkgver:\"1:2.6.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin-data\", pkgver:\"2.6.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin-dbg\", 
pkgver:\"2.6.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin-dev\", pkgver:\"2.6.2-1ubuntu7.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"finch\", pkgver:\"2.6.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"finch-dev\", pkgver:\"2.6.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpurple-bin\", pkgver:\"2.6.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpurple-dev\", pkgver:\"2.6.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpurple0\", pkgver:\"2.6.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"pidgin\", pkgver:\"1:2.6.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"pidgin-data\", pkgver:\"2.6.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"pidgin-dbg\", pkgver:\"2.6.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"pidgin-dev\", pkgver:\"2.6.6-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"finch\", pkgver:\"2.7.3-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"finch-dev\", pkgver:\"2.7.3-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpurple-bin\", pkgver:\"2.7.3-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpurple-dev\", pkgver:\"2.7.3-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libpurple0\", pkgver:\"2.7.3-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"pidgin\", pkgver:\"1:2.7.3-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"pidgin-data\", pkgver:\"2.7.3-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"pidgin-dbg\", pkgver:\"2.7.3-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"pidgin-dev\", pkgver:\"2.7.3-1ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-dev / gaim / libpurple-bin / libpurple-dev / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:45:10", "description": "Multiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to\ncrash Pidgin if the target Pidgin user was using the Yahoo! Messenger\nProtocol, MSN, MySpace, or Extensible Messaging and Presence Protocol\n(XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM)\nprotocol for authentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially crafted\nemoticon messages during mutual communication. 
(CVE-2010-1624)\n\nPidgin must be restarted for this update to take effect.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101021_PIDGIN_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60876);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-3711\");\n\n script_name(english:\"Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to\ncrash Pidgin if the target Pidgin user was using the Yahoo! Messenger\nProtocol, MSN, MySpace, or Extensible Messaging and Presence Protocol\n(XMPP) protocol plug-ins, or using the Microsoft NT LAN Manager (NTLM)\nprotocol for authentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially crafted\nemoticon messages during mutual communication. 
(CVE-2010-1624)\n\nPidgin must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1010&L=scientific-linux-errata&T=0&P=2639\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?466d64f2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"finch-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"finch-devel-2.6.6-5.el4_8\")) 
flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-devel-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-perl-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"libpurple-tcl-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-devel-2.6.6-5.el4_8\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"pidgin-perl-2.6.6-5.el4_8\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"finch-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"finch-devel-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-devel-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-perl-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-tcl-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-devel-2.6.6-5.el5_5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-perl-2.6.6-5.el5_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-02-21T01:20:33", "description": "GNOME 2.6.0_x86: Instant Messaging patch.\nDate this patch was last updated by Sun : Nov/30/10\n\nThis plugin has been deprecated and either replaced with individual 143318 patch-revision plugins, or deemed non-security related.", "edition": 9, "published": "2013-12-28T00:00:00", "title": "Solaris 10 (x86) : 143318-03 (deprecated)", "type": "nessus", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2010-1624", "CVE-2009-3615", "CVE-2010-0277"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS10_X86_143318.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71703", "sourceData": "\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/03/12. Deprecated and either replaced by\n# individual patch-revision plugins, or has been deemed a\n# non-security advisory.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71703);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\"CVE-2009-3615\", \"CVE-2010-0277\", \"CVE-2010-1624\");\n script_bugtraq_id(38294, 40138);\n\n script_name(english:\"Solaris 10 (x86) : 143318-03 (deprecated)\");\n script_summary(english:\"Check for patch 143318-03\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"GNOME 2.6.0_x86: Instant Messaging patch.\nDate this patch was last updated by Sun : Nov/30/10\n\nThis plugin has been deprecated and either replaced with individual\n143318 patch-revision plugins, or deemed non-security related.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/143318-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2010/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated. Consult specific patch-revision plugins for patch 143318 instead.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:31:05", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "description": "Pierre Nogu\u00e8s discovered that Pidgin incorrectly handled malformed SLP \nmessages in the MSN protocol handler. A remote attacker could send a \nspecially crafted message and cause Pidgin to crash, leading to a denial \nof service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. \n(CVE-2010-1624)\n\nDaniel Atallah discovered that Pidgin incorrectly handled the return code \nof the Base64 decoding function. A remote attacker could send a specially \ncrafted message and cause Pidgin to crash, leading to a denial of service. 
\n(CVE-2010-3711)", "edition": 5, "modified": "2010-11-04T00:00:00", "published": "2010-11-04T00:00:00", "id": "USN-1014-1", "href": "https://ubuntu.com/security/notices/USN-1014-1", "title": "Pidgin vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:07", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0788\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to crash\nPidgin if the target Pidgin user was using the Yahoo! Messenger Protocol,\nMSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol\nplug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for\nauthentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially-crafted emoticon\nmessages during mutual communication. (CVE-2010-1624)\n\nRed Hat would like to thank the Pidgin project for reporting these issues.\nUpstream acknowledges Daniel Atallah as the original reporter of\nCVE-2010-3711, and Pierre Nogues of Meta Security as the original reporter\nof CVE-2010-1624.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. 
Pidgin must be restarted for\nthis update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029139.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029140.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029155.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029156.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0788.html", "edition": 3, "modified": "2010-10-25T13:22:45", "published": "2010-10-21T22:51:36", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/029139.html", "id": "CESA-2010:0788", "title": "finch, libpurple, pidgin security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:06", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to crash\nPidgin if the target Pidgin user was using the Yahoo! Messenger Protocol,\nMSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol\nplug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for\nauthentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially-crafted emoticon\nmessages during mutual communication. 
(CVE-2010-1624)\n\nRed Hat would like to thank the Pidgin project for reporting these issues.\nUpstream acknowledges Daniel Atallah as the original reporter of\nCVE-2010-3711, and Pierre Nogues of Meta Security as the original reporter\nof CVE-2010-1624.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.\n", "modified": "2017-09-08T12:10:29", "published": "2010-10-21T04:00:00", "id": "RHSA-2010:0788", "href": "https://access.redhat.com/errata/RHSA-2010:0788", "type": "redhat", "title": "(RHSA-2010:0788) Moderate: pidgin security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:56", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "description": "[2.6.6-5]\n- Add patch for CVE-2010-1624 (RH bug #644153).\n[2.6.6-4]\n- Initial patch for CVE-2010-3711 was incomplete. Here's the rest.\n[2.6.6-3]\n- Add patch for CVE-2010-3711 (RH bug #644153). ", "edition": 4, "modified": "2010-10-21T00:00:00", "published": "2010-10-21T00:00:00", "id": "ELSA-2010-0788", "href": "http://linux.oracle.com/errata/ELSA-2010-0788.html", "title": "pidgin security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:39:23", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1091", "CVE-2010-1624", "CVE-2011-4922", "CVE-2010-3711"], "description": "[2.7.9-3.el6]\n- Add patch for RH bug #684685 (zero-out crypto keys before freeing).\n[2.7.9-2.el6]\n- Add patch for CVE-2011-1091 (RH bug #683031).\n[2.7.9-1.el6]\n- Update to 2.7.9 (RH bug #616917).\n- Remove patches now included upstream:\n pidgin-2.6.6-clientLogin-proxy-fix.patch\n pidgin-2.6.6-clientLogin-use-https.patch\n pidgin-2.6.6-CVE-2010-1624.patch\n pidgin-2.6.6-CVE-2010-3711.patch\n- Disable the translation updates patch. 
It doesn't apply anymore and\n will have to be redone. Saving the patch for now in case some parts\n are still useful to translators.", "edition": 4, "modified": "2011-05-28T00:00:00", "published": "2011-05-28T00:00:00", "id": "ELSA-2011-0616", "href": "http://linux.oracle.com/errata/ELSA-2011-0616.html", "title": "pidgin security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}