Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone AGOPENVAS:1361412562310801031
HistoryOct 23, 2009 - 12:00 a.m.

Pidgin < 2.6.3 Oscar Protocol Denial of Service Vulnerability - Linux

2009-10-2300:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
18

7.4 High

AI Score

Confidence

High

0.115 Low

EPSS

Percentile

95.2%

JSON

Pidgin is prone to a denial of service (DoS)
vulnerability.

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:pidgin:pidgin";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.801031");
  script_version("2024-02-27T05:06:31+0000");
  script_tag(name:"last_modification", value:"2024-02-27 05:06:31 +0000 (Tue, 27 Feb 2024)");
  script_tag(name:"creation_date", value:"2009-10-23 16:18:41 +0200 (Fri, 23 Oct 2009)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cve_id("CVE-2009-3615");
  script_name("Pidgin < 2.6.3 Oscar Protocol Denial of Service Vulnerability - Linux");
  script_xref(name:"URL", value:"http://secunia.com/advisories/37072");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/36719");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/53807");
  script_xref(name:"URL", value:"http://www.pidgin.im/news/security/?id=41");
  script_xref(name:"URL", value:"http://developer.pidgin.im/wiki/ChangeLog");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("secpod_pidgin_detect_lin.nasl");
  script_mandatory_keys("Pidgin/Lin/Ver");

  script_tag(name:"impact", value:"Successful exploitation will allow attacker to cause a Denial of Service.");

  script_tag(name:"affected", value:"Pidgin version prior to 2.6.3 on Linux.");

  script_tag(name:"insight", value:"This issue is caused by an error in the Oscar protocol plugin when processing
  malformed ICQ or AIM contacts sent by the SIM IM client, which could cause an
  invalid memory access leading to a crash.");

  script_tag(name:"summary", value:"Pidgin is prone to a denial of service (DoS)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"solution", value:"Update to version 2.6.3 or later.");

  script_tag(name:"qod_type", value:"executable_version");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!ver = get_app_version(cpe:CPE))
  exit(0);

if(version_is_less(version:ver, test_version:"2.6.3")) {
  report = report_fixed_ver(installed_version:ver, fixed_version:"2.6.3");
  security_message(data:report);
  exit(0);
}

exit(99);

Related

openvas 44
nessus 24
debian 3
centos 2
oraclelinux 2
seebug 3
prion 1
slackware 1
ubuntucve 1
cve 1
veracode 1
securityvulns 2
redhat 2
debiancve 1
cvelist 1
fedora 5
ubuntu 1
openvas
openvas
Solaris Update for Instant Messaging 143318-01
2010-02-03 00:00:00
Pidgin Oscar Protocol Denial of Service Vulnerability (Windows)
2009-10-23 00:00:00
Slackware: Security Advisory (SSA:2009-290-02)
2012-09-10 00:00:00
nessus
nessus
Debian DSA-1932-1 : pidgin - programming error
2010-02-24 00:00:00
RHEL 4 / 5 : pidgin (RHSA-2009:1536)
2009-10-30 00:00:00
Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : pidgin (SSA:2009-290-02)
2009-10-19 00:00:00
debian
debian
[Backports-security-announce] Security Update for pidgin
2009-10-29 22:41:34
[Backports-security-announce] Security Update for pidgin
2009-10-29 23:13:57
[SECURITY] [DSA 1932-1] New pidgin packages fix arbitrary code execution
2009-11-08 19:48:09
centos
centos
finch, libpurple, pidgin security update
2009-10-30 14:43:58
pidgin security update
2009-10-29 19:14:53
oraclelinux
oraclelinux
pidgin security update
2009-10-29 00:00:00
pidgin security update
2009-10-29 00:00:00
seebug
seebug
Pidgin OSCARๆ’ไปถ้žๆณ•ๅ†…ๅญ˜่ฎฟ้—ฎๆ‹’็ปๆœๅŠกๆผๆดž
2009-10-20 00:00:00
New pidgin packages fix arbitrary code execution
2009-11-10 00:00:00
Adium ICQๆถˆๆฏๆ‹’็ปๆœๅŠกๆผๆดž
2009-10-20 00:00:00
prion
prion
Design/Logic Flaw
2009-10-20 17:30:00
slackware
slackware
pidgin
2009-10-17 17:37:55
ubuntucve
ubuntucve
CVE-2009-3615
2009-10-20 00:00:00
cve
cve
CVE-2009-3615
2009-10-20 17:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:39:46
securityvulns
securityvulns
Pidgin DoS
2009-11-09 00:00:00
[SECURITY] [DSA 1932-1] New pidgin packages fix arbitrary code execution
2009-11-09 00:00:00
redhat
redhat
(RHSA-2009:1536) Moderate: pidgin security update
2009-10-29 00:00:00
(RHSA-2009:1535) Moderate: pidgin security update
2009-10-29 00:00:00
debiancve
debiancve
CVE-2009-3615
2009-10-20 17:30:00
cvelist
cvelist
CVE-2009-3615
2009-10-20 17:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: pidgin-2.6.3-2.fc10
2009-10-21 00:56:06
[SECURITY] Fedora 11 Update: pidgin-2.6.3-2.fc11
2009-10-21 00:50:54
[SECURITY] Fedora 11 Update: pidgin-2.6.5-1.fc11
2010-01-12 20:51:38
ubuntu
ubuntu
Pidgin vulnerabilities
2010-01-18 00:00:00

7.4 High

AI Score

Confidence

High

0.115 Low

EPSS

Percentile

95.2%

JSON
Related for OPENVAS:1361412562310801031
openvas44nessus24debian3centos2oraclelinux2seebug3prion1slackware1ubuntucve1cve1veracode1securityvulns2redhat2debiancve1cvelist1fedora5ubuntu1