Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone AGOPENVAS:1361412562310800931
HistorySep 03, 2009 - 12:00 a.m.

Pidgin Multiple Vulnerabilities (Sep 2009) - Windows

2009-09-0300:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
6

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.6 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.0%

JSON

Pidgin is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.800931");
  script_version("2024-02-08T05:05:59+0000");
  script_tag(name:"last_modification", value:"2024-02-08 05:05:59 +0000 (Thu, 08 Feb 2024)");
  script_tag(name:"creation_date", value:"2009-09-03 16:18:01 +0200 (Thu, 03 Sep 2009)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cve_id("CVE-2009-3025", "CVE-2009-3026");
  script_name("Pidgin Multiple Vulnerabilities (Sep 2009) - Windows");
  script_xref(name:"URL", value:"http://secunia.com/advisories/36384/");
  script_xref(name:"URL", value:"http://pidgin.im/news/security/?id=35");
  script_xref(name:"URL", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891");
  script_xref(name:"URL", value:"http://www.openwall.com/lists/oss-security/2009/08/19/2");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_family("General");
  script_dependencies("secpod_pidgin_detect_win.nasl");
  script_mandatory_keys("Pidgin/Win/Ver");
  script_tag(name:"impact", value:"Successful exploitation will let the attacker obtain sensitive information
  by sniffing XMPP sessions and cause application crash.");
  script_tag(name:"affected", value:"Pidgin version 2.6.0 on Windows");
  script_tag(name:"insight", value:"- The application connects to Jabberd servers that are not fully compliant
   with the XMPP specifications without encryption, even if the
   'Require SSL/TLS' setting is configured.

  - An error occurs in compililg libpurple while processing malicious links
   received via the Yahoo Messenger protocol.");
  script_tag(name:"solution", value:"Upgrade to Pidgin version 2.6.1.");
  script_tag(name:"summary", value:"Pidgin is prone to multiple vulnerabilities.");
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("version_func.inc");

pidginVer = get_kb_item("Pidgin/Win/Ver");
if(!pidginVer)
  exit(0);

if(version_is_equal(version:pidginVer, test_version:"2.6.0")){
  report = report_fixed_ver(installed_version:pidginVer, vulnerable_range:"Equal to 2.6.0");
  security_message(port: 0, data: report);
}

Related

openvas 21
nessus 19
securityvulns 2
prion 2
cve 2
ubuntucve 2
cvelist 2
nvd 2
debiancve 2
redhatcve 1
veracode 1
redhat 1
centos 1
gentoo 1
oraclelinux 1
ubuntu 1
openvas
openvas
Pidgin Multiple Vulnerabilities - Sep09 (Windows)
2009-09-03 00:00:00
Pidgin Multiple Vulnerabilities - Sep09 (Linux)
2009-09-03 00:00:00
Pidgin Multiple Vulnerabilities (Sep 2009) - Linux
2009-09-03 00:00:00
nessus
nessus
Pidgin < 2.6.1 Multiple Vulnerabilities
2009-09-11 00:00:00
Pidgin < 2.6.1 Multiple Vulnerabilities
2009-09-15 00:00:00
RHEL 3 / 4 / 5 : pidgin (RHSA-2009:1218)
2009-08-20 00:00:00
securityvulns
securityvulns
libpurple / Pidgin multiple security vulnerabilities
2009-09-14 00:00:00
[ MDVSA-2009:230 ] pidgin
2009-09-14 00:00:00
prion
prion
Code injection
2009-08-31 20:30:00
Design/Logic Flaw
2009-08-31 20:30:00
cve
cve
CVE-2009-3025
2009-08-31 20:30:01
CVE-2009-3026
2009-08-31 20:30:01
ubuntucve
ubuntucve
CVE-2009-3025
2009-08-31 00:00:00
CVE-2009-3026
2009-08-31 00:00:00
cvelist
cvelist
CVE-2009-3025
2009-08-31 20:00:00
CVE-2009-3026
2009-08-31 20:00:00
nvd
nvd
CVE-2009-3025
2009-08-31 20:30:01
CVE-2009-3026
2009-08-31 20:30:01
debiancve
debiancve
CVE-2009-3025
2009-08-31 20:30:01
CVE-2009-3026
2009-08-31 20:30:01
redhatcve
redhatcve
CVE-2009-3025
2015-10-30 09:58:44
veracode
veracode
Information Disclosure
2020-04-10 00:36:05
redhat
redhat
(RHSA-2009:1453) Moderate: pidgin security update
2009-09-21 00:00:00
centos
centos
finch, libpurple, pidgin security update
2009-09-22 13:47:28
gentoo
gentoo
Pidgin: Multiple vulnerabilities
2009-10-22 00:00:00
oraclelinux
oraclelinux
pidgin security update
2009-09-21 00:00:00
ubuntu
ubuntu
Pidgin vulnerabilities
2010-01-18 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.6 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.0%

JSON
Related for OPENVAS:1361412562310800931
openvas21nessus19securityvulns2prion2cve2ubuntucve2cvelist2nvd2debiancve2redhatcve1veracode1redhat1centos1gentoo1oraclelinux1ubuntu1