Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310901137
HistoryAug 02, 2010 - 12:00 a.m.

Pidgin 'X-Status' Message Denial of Service Vulnerability - Windows

2010-08-0200:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
9

7.3 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.2%

JSON

Pidgin is prone to a denial of service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.901137");
  script_version("2024-02-15T05:05:39+0000");
  script_tag(name:"last_modification", value:"2024-02-15 05:05:39 +0000 (Thu, 15 Feb 2024)");
  script_tag(name:"creation_date", value:"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)");
  script_cve_id("CVE-2010-2528");
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_name("Pidgin 'X-Status' Message Denial of Service Vulnerability - Windows");
  script_xref(name:"URL", value:"http://secunia.com/advisories/40699");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/41881");
  script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/60566");
  script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2010/1887");
  script_xref(name:"URL", value:"http://www.pidgin.im/news/security/index.php?id=47");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("secpod_pidgin_detect_win.nasl");
  script_mandatory_keys("Pidgin/Win/Ver");
  script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to cause the application
  to crash, denying service to legitimate users.");
  script_tag(name:"affected", value:"Pidgin versions prior to 2.7.2");
  script_tag(name:"insight", value:"The flaw is caused by a NULL pointer dereference error when processing
  malformed 'X-Status' messages, which could be exploited by attackers to
  crash an affected application, creating a denial of service condition.");
  script_tag(name:"solution", value:"Upgrade to Pidgin version 2.7.2 or later.");
  script_tag(name:"summary", value:"Pidgin is prone to a denial of service (DoS) vulnerability.");
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("version_func.inc");

pidginVer = get_kb_item("Pidgin/Win/Ver");

if(pidginVer != NULL)
{
  if(version_is_less(version:pidginVer, test_version:"2.7.2")){
    report = report_fixed_ver(installed_version:pidginVer, fixed_version:"2.7.2");
    security_message(port: 0, data: report);
  }
}

Related

openvas 17
securityvulns 2
ubuntucve 1
altlinux 3
slackware 1
prion 1
nessus 7
cve 1
debiancve 1
fedora 6
openvas
openvas
Mandriva Update for pidgin MDVSA-2010:148 (pidgin)
2010-08-13 00:00:00
Slackware Advisory SSA:2010-240-05 pidgin
2012-09-11 00:00:00
Pidgin 'X-Status' Message Denial of Service Vulnerability (Windows)
2010-08-02 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:148 ] pidgin
2010-08-14 00:00:00
libpurple library / Pidgin DoS
2010-08-14 00:00:00
ubuntucve
ubuntucve
CVE-2010-2528
2010-07-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package pidgin version 2.7.3-alt1
2010-08-11 00:00:00
Security fix for the ALT Linux 6 package pidgin version 2.7.3-alt1
2010-08-11 00:00:00
Security fix for the ALT Linux 5 package pidgin-mini version 2.7.2-alt1
2010-07-24 00:00:00
slackware
slackware
[slackware-security] pidgin
2010-08-28 16:53:14
prion
prion
Null pointer dereference
2010-07-30 13:26:00
nessus
nessus
Pidgin X-Status NULL Pointer Denial of Service
2010-07-22 00:00:00
Mandriva Linux Security Advisory : pidgin (MDVSA-2010:148)
2010-08-13 00:00:00
Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : pidgin (SSA:2010-240-05)
2010-08-29 00:00:00
cve
cve
CVE-2010-2528
2010-07-30 13:26:00
debiancve
debiancve
CVE-2010-2528
2010-07-30 13:26:00
fedora
fedora
[SECURITY] Fedora 13 Update: pidgin-2.7.2-1.fc13
2010-07-27 02:36:28
[SECURITY] Fedora 13 Update: pidgin-2.7.9-1.fc13
2011-01-07 20:01:11
[SECURITY] Fedora 13 Update: pidgin-2.7.4-1.fc13
2010-11-01 21:00:14

7.3 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.2%

JSON
Related for OPENVAS:1361412562310901137
openvas17securityvulns2ubuntucve1altlinux3slackware1prion1nessus7cve1debiancve1fedora6