7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.2%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2016.0236");
script_cve_id("CVE-2016-2365", "CVE-2016-2366", "CVE-2016-2367", "CVE-2016-2368", "CVE-2016-2369", "CVE-2016-2370", "CVE-2016-2371", "CVE-2016-2372", "CVE-2016-2373", "CVE-2016-2374", "CVE-2016-2375", "CVE-2016-2376", "CVE-2016-2377", "CVE-2016-2378", "CVE-2016-2380", "CVE-2016-4323");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-01-10 15:07:50 +0000 (Tue, 10 Jan 2017)");
script_name("Mageia: Security Advisory (MGASA-2016-0236)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA5");
script_xref(name:"Advisory-ID", value:"MGASA-2016-0236");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2016-0236.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=18754");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0118");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0119");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0120");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0123");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0128");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0133");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0134");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0135");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0136");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0137");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0138");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0139");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0140");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0141");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0142");
script_xref(name:"URL", value:"http://www.talosintel.com/reports/TALOS-2016-0143");
script_xref(name:"URL", value:"https://bitbucket.org/pidgin/www/src/tip/htdocs/ChangeLog?fileviewer=file-view-default");
script_tag(name:"summary", value:"The remote host is missing an update for the 'pidgin' package(s) announced via the MGASA-2016-0236 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A buffer overflows vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent from the server could
potentially result in arbitrary code execution. A malicious server or an
attacker who intercepts the network traffic can send an invalid size for a
packet which will trigger a buffer overflow (CVE-2016-2376).
A buffer vulnerability exists in the handling of the MXIT protocol in
Pidgin. Specially crafted MXIT data sent by the server could potentially
result in an out of bounds write of one byte. A malicious server can send
a negative content-length in response to a HTTP request triggering the
vulnerability (CVE-2016-2377).
A buffer overflow vulnerability exists in the handling of the MXIT
protocol Pidgin. Specially crafted data sent via the server could
potentially result in a buffer overflow, potentially resulting in memory
corruption. A malicious server or an unfiltered malicious user can send
negative length values to trigger this vulnerability (CVE-2016-2378).
An information leak exists in the handling of the MXIT protocol in Pidgin.
Specially crafted MXIT data sent to the server could potentially result in
an out of bounds read. A user could be convinced to enter a particular
string which would then get converted incorrectly and could lead to a
potential out-of-bounds read (CVE-2016-2380).
A directory traversal exists in the handling of the MXIT protocol in
Pidgin. Specially crafted MXIT data sent from the server could potentially
result in an overwrite of files. A malicious server or someone with access
to the network traffic can provide an invalid filename for a splash image
triggering the vulnerability (CVE-2016-4323).
A denial of service vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent via the server could
potentially result in a null pointer dereference. A malicious server or an
attacker who intercepts the network traffic can send invalid data to
trigger this vulnerability and cause a crash (CVE-2016-2365).
A denial of service vulnerability exists in the handling of the MXIT
protocol in Pidgin. Specially crafted MXIT data sent via the server could
potentially result in an out-of-bounds read. A malicious server or an
attacker who intercepts the network traffic can send invalid data to
trigger this vulnerability and cause a crash (CVE-2016-2366).
An information leak exists in the handling of the MXIT protocol in Pidgin.
Specially crafted MXIT data sent via the server could potentially result
in an out of bounds read. A malicious user, server, or man-in-the-middle
can send an invalid size for an avatar which will trigger an out-of-bounds
read vulnerability. This could result in a denial of service or copy data
from memory to the file, resulting in an information leak if the avatar is
sent to another user (CVE-2016-2367).
Multiple memory corruption vulnerabilities ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'pidgin' package(s) on Mageia 5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA5") {
if(!isnull(res = isrpmvuln(pkg:"finch", rpm:"finch~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64finch0", rpm:"lib64finch0~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64purple-devel", rpm:"lib64purple-devel~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64purple0", rpm:"lib64purple0~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfinch0", rpm:"libfinch0~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libpurple-devel", rpm:"libpurple-devel~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libpurple0", rpm:"libpurple0~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"pidgin", rpm:"pidgin~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"pidgin-bonjour", rpm:"pidgin-bonjour~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"pidgin-client", rpm:"pidgin-client~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"pidgin-i18n", rpm:"pidgin-i18n~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"pidgin-meanwhile", rpm:"pidgin-meanwhile~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"pidgin-perl", rpm:"pidgin-perl~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"pidgin-plugins", rpm:"pidgin-plugins~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"pidgin-silc", rpm:"pidgin-silc~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"pidgin-tcl", rpm:"pidgin-tcl~2.11.0~1.mga5", rls:"MAGEIA5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
www.talosintel.com/reports/TALOS-2016-0118
www.talosintel.com/reports/TALOS-2016-0119
www.talosintel.com/reports/TALOS-2016-0120
www.talosintel.com/reports/TALOS-2016-0123
www.talosintel.com/reports/TALOS-2016-0128
www.talosintel.com/reports/TALOS-2016-0133
www.talosintel.com/reports/TALOS-2016-0134
www.talosintel.com/reports/TALOS-2016-0135
www.talosintel.com/reports/TALOS-2016-0136
www.talosintel.com/reports/TALOS-2016-0137
www.talosintel.com/reports/TALOS-2016-0138
www.talosintel.com/reports/TALOS-2016-0139
www.talosintel.com/reports/TALOS-2016-0140
www.talosintel.com/reports/TALOS-2016-0141
www.talosintel.com/reports/TALOS-2016-0142
www.talosintel.com/reports/TALOS-2016-0143
advisories.mageia.org/MGASA-2016-0236.html
bitbucket.org/pidgin/www/src/tip/htdocs/ChangeLog?fileviewer=file-view-default
bugs.mageia.org/show_bug.cgi?id=18754
MGASA-2016-0236
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
Low
0.011 Low
EPSS
Percentile
84.2%