Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2014 Greenbone AGOPENVAS:1361412562310804314
HistoryFeb 14, 2014 - 12:00 a.m.

Pidgin Multiple Vulnerabilities (Feb 2014) - Windows

2014-02-1400:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
12

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

JSON

Pidgin is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:pidgin:pidgin";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.804314");
  script_version("2024-02-20T14:37:13+0000");
  script_cve_id("CVE-2012-6152", "CVE-2013-6477", "CVE-2013-6478", "CVE-2013-6479",
                "CVE-2013-6481", "CVE-2013-6482", "CVE-2013-6483", "CVE-2013-6484",
                "CVE-2013-6485", "CVE-2013-6486", "CVE-2013-6487", "CVE-2013-6489",
                "CVE-2013-6490", "CVE-2014-0020");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-20 14:37:13 +0000 (Tue, 20 Feb 2024)");
  script_tag(name:"creation_date", value:"2014-02-14 16:39:04 +0530 (Fri, 14 Feb 2014)");
  script_name("Pidgin Multiple Vulnerabilities (Feb 2014) - Windows");

  script_tag(name:"summary", value:"Pidgin is prone to multiple vulnerabilities.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"insight", value:"The flaws are due to an:

  - Improper validation of data by the Yahoo protocol plugin.

  - Improper validation of argument counts by IRC protocol plugin.

  - Improper validation of input to content-length header.

  - Integer signedness error in the 'MXit' functionality.

  - Integer overflow in 'ibpurple/protocols/gg/lib/http.c' in the 'Gadu-Gadu'
(gg) parser.

  - Error due to incomplete fix for earlier flaw.

  - Integer overflow condition in the 'process_chunked_data' function in 'util.c'.

  - Error in 'STUN' protocol implementation in 'libpurple'.

  - Error in the 'XMPP' protocol plugin in 'libpurple'.

  - Error in the MSN module.

  - Improper validation of the length field in 'libpurple/protocols/yahoo/libymsg.c'.

  - Improper allocation of memory by 'util.c' in 'libpurple'.

  - Error in the libx11 library.

  - Multiple integer signedness errors in libpurple.");
  script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to conduct denial of
service or execute arbitrary programs or spoof iq traffic.");
  script_tag(name:"affected", value:"Pidgin version before 2.10.8.");
  script_tag(name:"solution", value:"Upgrade to Pidgin version 2.10.8 or later.");
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"http://secunia.com/advisories/56693/");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65188");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65189");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65192");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65195");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65243");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65492");
  script_xref(name:"URL", value:"http://www.pidgin.im/news/security/?id=70");
  script_xref(name:"URL", value:"http://www.pidgin.im/news/security/?id=85");
  script_copyright("Copyright (C) 2014 Greenbone AG");
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_dependencies("secpod_pidgin_detect_win.nasl");
  script_mandatory_keys("Pidgin/Win/Ver");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!pidVer = get_app_version(cpe:CPE)){
  exit(0);
}

if(version_is_less(version:pidVer, test_version:"2.10.8"))
{
  report = report_fixed_ver(installed_version:pidVer, fixed_version:"2.10.8");
  security_message(port:0, data:report);
  exit(0);
}

Related

nessus 22
redhat 1
ubuntu 2
openvas 28
veracode 13
debian 4
centos 1
fedora 6
slackware 1
kaspersky 1
oraclelinux 1
mageia 2
securityvulns 2
osv 2
gentoo 2
nvd 14
cve 14
debiancve 14
prion 14
cvelist 14
ubuntucve 14
talos 4
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : pidgin (SSA:2014-034-01)
2014-02-04 00:00:00
RHEL 5 / 6 : pidgin (RHSA-2014:0139)
2014-02-06 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.10 : pidgin vulnerabilities (USN-2100-1)
2014-02-07 00:00:00
redhat
redhat
(RHSA-2014:0139) Moderate: pidgin security update
2014-02-05 00:00:00
ubuntu
ubuntu
Pidgin vulnerabilities
2014-02-06 00:00:00
libgadu vulnerability
2014-02-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2100-1)
2014-02-11 00:00:00
Fedora Update for pidgin FEDORA-2014-1999
2014-02-17 00:00:00
RedHat Update for pidgin RHSA-2014:0139-01
2014-02-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:01:11
Out-Of-Bounds Write
2019-05-02 05:01:11
Buffer Overflow
2019-05-02 05:01:12
debian
debian
[BSA-092] Security Update for pidgin
2014-02-22 11:36:11
[SECURITY] [DSA 2859-1] pidgin security update
2014-02-10 17:30:06
[SECURITY] [DSA 2859-2] pidgin security update
2014-03-19 22:39:05
centos
centos
finch, libpurple, pidgin security update
2014-02-05 19:41:13
fedora
fedora
[SECURITY] Fedora 19 Update: pidgin-2.10.9-1.fc19
2014-02-14 08:00:10
[SECURITY] Fedora 20 Update: pidgin-2.10.9-1.fc20
2014-02-06 03:50:31
[SECURITY] Fedora 19 Update: libgadu-1.12.0-0.3.rc2.fc19
2014-02-22 18:20:35
slackware
slackware
pidgin
2014-02-03 13:58:20
kaspersky
kaspersky
KLA10433 Multiple vulnerabilities in Pidgin
2014-06-02 00:00:00
oraclelinux
oraclelinux
pidgin security update
2014-02-05 00:00:00
mageia
mageia
Updated pidgin package fixes security vulnerabilities
2014-02-05 19:31:44
Updated libgadu packages fix security vulnerability
2014-02-16 17:23:36
securityvulns
securityvulns
libgadu / libpurple / Pidgin multiple security vulnerabilities
2014-02-10 00:00:00
[USN-2101-1] libgadu vulnerability
2014-02-10 00:00:00
osv
osv
pidgin - security update
2014-02-10 00:00:00
pidgin - several
2014-02-10 00:00:00
gentoo
gentoo
Pidgin: Multiple vulnerabilities
2014-05-18 00:00:00
libgadu: Multiple vulnerabilities
2015-08-15 00:00:00
nvd
nvd
CVE-2013-6482
2014-02-06 17:00:05
CVE-2013-6487
2014-02-06 17:00:05
CVE-2013-6490
2014-02-06 17:00:06
cve
cve
CVE-2013-6490
2014-02-06 17:00:06
CVE-2013-6479
2014-02-06 16:10:58
CVE-2013-6483
2014-02-06 16:10:58
debiancve
debiancve
CVE-2013-6479
2014-02-06 16:10:58
CVE-2013-6483
2014-02-06 16:10:58
CVE-2013-6482
2014-02-06 17:00:05
prion
prion
Null pointer dereference
2014-02-06 17:00:00
Design/Logic Flaw
2014-02-06 16:10:00
Null pointer dereference
2014-02-06 16:10:00
cvelist
cvelist
CVE-2013-6482
2014-02-06 16:00:00
CVE-2013-6487
2014-02-06 16:00:00
CVE-2012-6152
2014-02-06 15:00:00
ubuntucve
ubuntucve
CVE-2013-6482
2014-02-05 00:00:00
CVE-2013-6483
2014-02-05 00:00:00
CVE-2012-6152
2014-02-05 00:00:00
talos
talos
Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability
2014-01-26 00:00:00
Pidgin libpurple Mxit Emoticon Name Length Integer Overflow Vulnerability
2014-01-26 00:00:00
Pidgin for Windows URL Handling Remote Code Execution Vulnerability
2014-01-26 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

JSON
Related for OPENVAS:1361412562310804314
nessus22redhat1ubuntu2openvas28veracode13debian4centos1fedora6slackware1kaspersky1oraclelinux1mageia2securityvulns2osv2gentoo2nvd14cve14debiancve14prion14cvelist14ubuntucve14talos4