{"id": "OPENVAS:71372", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: pidgin-otr", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2012-05-31T00:00:00", "modified": "2017-04-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=71372", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2012-2369"], "lastseen": "2017-07-02T21:10:48", "viewCount": 1, "enchantments": {"score": {"value": -0.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-2369"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2476-1:A6FCD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-2369"]}, {"type": "fedora", "idList": ["FEDORA:240DC20AA6", "FEDORA:F3008215A7"]}, {"type": "freebsd", "idList": ["AA71DAAA-9F8C-11E1-BD0A-0082A0C18826"]}, {"type": "gentoo", "idList": ["GLSA-201207-05"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2476.NASL", "FEDORA_2012-7948.NASL", "FEDORA_2012-8063.NASL", "FREEBSD_PKG_AA71DAAA9F8C11E1BD0A0082A0C18826.NASL", "GENTOO_GLSA-201207-05.NASL", "OPENSUSE-2012-314.NASL", "PIDGIN_OTR_3_2_1.NASL", "SUSE_11_PIDGIN-OTR-120604.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231071354", "OPENVAS:136141256231071372", "OPENVAS:136141256231071567", "OPENVAS:1361412562310864246", "OPENVAS:1361412562310864345", "OPENVAS:71354", "OPENVAS:71567", "OPENVAS:864246", "OPENVAS:864345"]}, {"type": "osv", "idList": ["OSV:DSA-2476-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28088", "SECURITYVULNS:VULN:12387"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0703-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-2369"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2012-2369"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2476-1:A6FCD"]}, {"type": "fedora", "idList": ["FEDORA:F3008215A7"]}, {"type": "freebsd", "idList": ["AA71DAAA-9F8C-11E1-BD0A-0082A0C18826"]}, {"type": "nessus", "idList": ["PIDGIN_OTR_3_2_1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231071354"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12387"]}]}, "exploitation": null, "vulnersScore": -0.1}, "pluginID": "71372", "sourceData": "#\n#VID aa71daaa-9f8c-11e1-bd0a-0082a0c18826\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID aa71daaa-9f8c-11e1-bd0a-0082a0c18826\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: pidgin-otr\n\nCVE-2012-2369\nFormat string vulnerability in the log_message_cb function in\notr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin\nbefore 3.2.1 for Pidgin might allow remote attackers to execute\narbitrary code via format string specifiers in data that generates a\nlog message.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.cypherpunks.ca/otr/\nhttp://www.vuxml.org/freebsd/aa71daaa-9f8c-11e1-bd0a-0082a0c18826.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71372);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2369\");\n script_version(\"$Revision: 5888 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-07 11:01:53 +0200 (Fri, 07 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:53:51 -0400 (Thu, 31 May 2012)\");\n script_name(\"FreeBSD Ports: pidgin-otr\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"pidgin-otr\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.2.1\")<0) {\n txt += \"Package pidgin-otr version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1659838957}, "_internal": {"score_hash": "478b1e60889ca859150812c52239e91c"}}
{"securityvulns": [{"lastseen": "2018-08-31T11:10:44", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2476-1 security@debian.org\r\nhttp://www.debian.org/security/ Jonathan Wiltshire\r\nMay 19, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : pidgin-otr\r\nVulnerability : format string vulnerability\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-2369\r\nDebian Bug : 673154\r\n\r\nintrigeri discovered a format string error in pidgin-otr, an off-the-record\r\nmessaging plugin for Pidgin.\r\n\r\nThis could be exploited by a remote attacker to cause arbitrary code to\r\nbe executed on the user's machine.\r\n\r\nThe problem is only in pidgin-otr. Other applications which use libotr are\r\nnot affected.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 3.2.0-5+squeeze1.\r\n\r\nFor the testing distribution (wheezy), this problem has been fixed in\r\nversion 3.2.1-1.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 3.2.1-1.\r\n\r\nWe recommend that you upgrade your pidgin-otr packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJPt/OHAAoJEL97/wQC1SS+lH0IAIunPaG8K1FkRvp/HWeqAXHG\r\nPeWKPCgeSw6bl5Ab5zQuaZLhCT3XLYLJJq+wKm6sEaTlFstA3C7Tcf8b+n802+yP\r\nHXueDzn+J4wYhBD6l+R8xfPYkFUqnkjMIqVYoEvpEjbCTCBUhDep/vtzOOh3ZL8y\r\nIz0Hgun1CL186o1p4SCNd8irLfmxUg41vOob8+XTLNKYUxDyomLk9p111f8i62wV\r\nAWOqGJ+AEzY2Ni6ThFNJdnbm2ThFfOfgS8TK3r3331PX9+eHpfR3+cxIBGZ+3dtu\r\nOx7qkDd6c/Ko7cLqkiT6A/DHYZ98p1KxEDqS5eTcTwTOyL+GE7s1cJMsSApCAdw=\r\n=gcop\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "cvss3": {}, "published": "2012-05-24T00:00:00", "title": "[SECURITY] [DSA 2476-1] pidgin-otr security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2012-05-24T00:00:00", "id": "SECURITYVULNS:DOC:28088", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28088", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:47", "description": "No description provided", "edition": 1, "cvss3": {}, "published": "2012-05-24T00:00:00", "title": "Pidgin otr plugin format string vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2012-05-24T00:00:00", "id": "SECURITYVULNS:VULN:12387", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12387", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-05-29T18:38:58", "description": "The remote host is missing an update to pidgin-otr\nannounced via advisory DSA 2476-1.", "cvss3": {}, "published": "2012-05-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2476-1 (pidgin-otr)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:136141256231071354", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071354", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2476_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2476-1 (pidgin-otr)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71354\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2369\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:51:37 -0400 (Thu, 31 May 2012)\");\n script_name(\"Debian Security Advisory DSA 2476-1 (pidgin-otr)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202476-1\");\n script_tag(name:\"insight\", value:\"intrigeri discovered a format string error in pidgin-otr, an off-the-record\nmessaging plugin for Pidgin.\n\nThis could be exploited by a remote attacker to cause arbitrary code to\nbe executed on the user's machine.\n\nThe problem is only in pidgin-otr. Other applications which use libotr are\nnot affected.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.0-5+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.2.1-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.1-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your pidgin-otr packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to pidgin-otr\nannounced via advisory DSA 2476-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"pidgin-otr\", ver:\"3.2.0-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"pidgin-otr\", ver:\"3.2.1-1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:24", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "cvss3": {}, "published": "2012-05-31T00:00:00", "type": "openvas", "title": "FreeBSD Ports: pidgin-otr", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2018-10-05T00:00:00", "id": "OPENVAS:136141256231071372", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071372", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_pidgin-otr.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID aa71daaa-9f8c-11e1-bd0a-0082a0c18826\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71372\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2369\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:53:51 -0400 (Thu, 31 May 2012)\");\n script_name(\"FreeBSD Ports: pidgin-otr\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: pidgin-otr\n\nCVE-2012-2369\nFormat string vulnerability in the log_message_cb function in\notr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin\nbefore 3.2.1 for Pidgin might allow remote attackers to execute\narbitrary code via format string specifiers in data that generates a\nlog message.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.cypherpunks.ca/otr/\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/aa71daaa-9f8c-11e1-bd0a-0082a0c18826.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"pidgin-otr\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.2.1\")<0) {\n txt += \"Package pidgin-otr version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:10", "description": "The remote host is missing updates announced in\nadvisory GLSA 201207-05.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201207-05 (pidgin-otr)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231071567", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071567", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201207_05.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71567\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2369\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:54 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201207-05 (pidgin-otr)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"A format string vulnerability in pidgin-otr may allow execution of\narbitrary code.\");\n script_tag(name:\"solution\", value:\"All pidgin-otr users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-plugins/pidgin-otr-3.2.1'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201207-05\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=416263\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201207-05.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"x11-plugins/pidgin-otr\", unaffected: make_list(\"ge 3.2.1\"), vulnerable: make_list(\"lt 3.2.1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-05-22T00:00:00", "type": "openvas", "title": "Fedora Update for pidgin-otr FEDORA-2012-8063", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864246", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin-otr FEDORA-2012-8063\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080621.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864246\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-22 10:09:47 +0530 (Tue, 22 May 2012)\");\n script_cve_id(\"CVE-2012-2369\");\n script_xref(name:\"FEDORA\", value:\"2012-8063\");\n script_name(\"Fedora Update for pidgin-otr FEDORA-2012-8063\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pidgin-otr'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"pidgin-otr on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin-otr\", rpm:\"pidgin-otr~3.2.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for pidgin-otr FEDORA-2012-7948", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310864345", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864345", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin-otr FEDORA-2012-7948\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080969.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864345\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:24 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2369\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-7948\");\n script_name(\"Fedora Update for pidgin-otr FEDORA-2012-7948\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pidgin-otr'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"pidgin-otr on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin-otr\", rpm:\"pidgin-otr~3.2.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:29", "description": "Check for the Version of pidgin-otr", "cvss3": {}, "published": "2012-05-22T00:00:00", "type": "openvas", "title": "Fedora Update for pidgin-otr FEDORA-2012-8063", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:864246", "href": "http://plugins.openvas.org/nasl.php?oid=864246", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin-otr FEDORA-2012-8063\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pidgin-otr on Fedora 16\";\ntag_insight = \"This is a Pidgin plugin which implements Off-the-Record (OTR) Messaging.\n It is known to work (at least) under the Linux and Windows versions of\n Pidgin.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080621.html\");\n script_id(864246);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-22 10:09:47 +0530 (Tue, 22 May 2012)\");\n script_cve_id(\"CVE-2012-2369\");\n script_xref(name: \"FEDORA\", value: \"2012-8063\");\n script_name(\"Fedora Update for pidgin-otr FEDORA-2012-8063\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin-otr\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin-otr\", rpm:\"pidgin-otr~3.2.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:41", "description": "The remote host is missing updates announced in\nadvisory GLSA 201207-05.", "cvss3": {}, "published": "2012-08-10T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201207-05 (pidgin-otr)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71567", "href": "http://plugins.openvas.org/nasl.php?oid=71567", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A format string vulnerability in pidgin-otr may allow execution of\narbitrary code.\";\ntag_solution = \"All pidgin-otr users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-plugins/pidgin-otr-3.2.1'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201207-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=416263\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201207-05.\";\n\n \n \nif(description)\n{\n script_id(71567);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2369\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:54 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201207-05 (pidgin-otr)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"x11-plugins/pidgin-otr\", unaffected: make_list(\"ge 3.2.1\"), vulnerable: make_list(\"lt 3.2.1\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:56:45", "description": "Check for the Version of pidgin-otr", "cvss3": {}, "published": "2012-08-30T00:00:00", "type": "openvas", "title": "Fedora Update for pidgin-otr FEDORA-2012-7948", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:864345", "href": "http://plugins.openvas.org/nasl.php?oid=864345", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for pidgin-otr FEDORA-2012-7948\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"pidgin-otr on Fedora 17\";\ntag_insight = \"This is a Pidgin plugin which implements Off-the-Record (OTR) Messaging.\n It is known to work (at least) under the Linux and Windows versions of\n Pidgin.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080969.html\");\n script_id(864345);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:04:24 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2369\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-7948\");\n script_name(\"Fedora Update for pidgin-otr FEDORA-2012-7948\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin-otr\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"pidgin-otr\", rpm:\"pidgin-otr~3.2.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:36", "description": "The remote host is missing an update to pidgin-otr\nannounced via advisory DSA 2476-1.", "cvss3": {}, "published": "2012-05-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2476-1 (pidgin-otr)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:71354", "href": "http://plugins.openvas.org/nasl.php?oid=71354", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2476_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2476-1 (pidgin-otr)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"intrigeri discovered a format string error in pidgin-otr, an off-the-record\nmessaging plugin for Pidgin.\n\nThis could be exploited by a remote attacker to cause arbitrary code to\nbe executed on the user's machine.\n\nThe problem is only in pidgin-otr. Other applications which use libotr are\nnot affected.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.0-5+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.2.1-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.1-1.\n\nWe recommend that you upgrade your pidgin-otr packages.\";\ntag_summary = \"The remote host is missing an update to pidgin-otr\nannounced via advisory DSA 2476-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202476-1\";\n\nif(description)\n{\n script_id(71354);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2012-2369\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-31 11:51:37 -0400 (Thu, 31 May 2012)\");\n script_name(\"Debian Security Advisory DSA 2476-1 (pidgin-otr)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"pidgin-otr\", ver:\"3.2.0-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"pidgin-otr\", ver:\"3.2.1-1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2021-10-21T23:56:01", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2476-1 security@debian.org\nhttp://www.debian.org/security/ Jonathan Wiltshire\nMay 19, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : pidgin-otr\nVulnerability : format string vulnerability\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-2369\nDebian Bug : 673154\n\nintrigeri discovered a format string error in pidgin-otr, an off-the-record\nmessaging plugin for Pidgin.\n\nThis could be exploited by a remote attacker to cause arbitrary code to\nbe executed on the user's machine.\n\nThe problem is only in pidgin-otr. Other applications which use libotr are\nnot affected.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.0-5+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.2.1-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.1-1.\n\nWe recommend that you upgrade your pidgin-otr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2012-05-19T19:30:04", "type": "debian", "title": "[SECURITY] [DSA 2476-1] pidgin-otr security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2369"], "modified": "2012-05-19T19:30:04", "id": "DEBIAN:DSA-2476-1:A6FCD", "href": "https://lists.debian.org/debian-security-announce/2012/msg00113.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:12:38", "description": "### Background\n\npidgin-otr messaging allows you to have private conversations over instant messaging. \n\n### Description\n\nA format string vulnerability has been found in the \"log_message_cb()\" function in otr-plugin.c. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll pidgin-otr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-plugins/pidgin-otr-3.2.1\"", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "gentoo", "title": "pidgin-otr: Arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2369"], "modified": "2012-07-09T00:00:00", "id": "GLSA-201207-05", "href": "https://security.gentoo.org/glsa/201207-05", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:58:06", "description": "The remote host is affected by the vulnerability described in GLSA-201207-05 (pidgin-otr: Arbitrary code execution)\n\n A format string vulnerability has been found in the 'log_message_cb()' function in otr-plugin.c.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2012-07-10T00:00:00", "type": "nessus", "title": "GLSA-201207-05 : pidgin-otr: Arbitrary code execution", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:pidgin-otr", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201207-05.NASL", "href": "https://www.tenable.com/plugins/nessus/59897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201207-05.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59897);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2369\");\n script_bugtraq_id(53557);\n script_xref(name:\"GLSA\", value:\"201207-05\");\n\n script_name(english:\"GLSA-201207-05 : pidgin-otr: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201207-05\n(pidgin-otr: Arbitrary code execution)\n\n A format string vulnerability has been found in the 'log_message_cb()'\n function in otr-plugin.c.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201207-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All pidgin-otr users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-plugins/pidgin-otr-3.2.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pidgin-otr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"x11-plugins/pidgin-otr\", unaffected:make_list(\"ge 3.2.1\"), vulnerable:make_list(\"lt 3.2.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin-otr\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:43:15", "description": "New release addresses Format string vulnerability CVE-2012-2369\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-21T00:00:00", "type": "nessus", "title": "Fedora 16 : pidgin-otr-3.2.1-1.fc16 (2012-8063)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pidgin-otr", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-8063.NASL", "href": "https://www.tenable.com/plugins/nessus/59205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8063.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59205);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(53557);\n script_xref(name:\"FEDORA\", value:\"2012-8063\");\n\n script_name(english:\"Fedora 16 : pidgin-otr-3.2.1-1.fc16 (2012-8063)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New release addresses Format string vulnerability CVE-2012-2369\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080621.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6750d718\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin-otr package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pidgin-otr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"pidgin-otr-3.2.1-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin-otr\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:43:51", "description": "New release addresses Format string vulnerability CVE-2012-2369\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-29T00:00:00", "type": "nessus", "title": "Fedora 17 : pidgin-otr-3.2.1-1.fc17 (2012-7948)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pidgin-otr", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-7948.NASL", "href": "https://www.tenable.com/plugins/nessus/59272", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-7948.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59272);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(53557);\n script_xref(name:\"FEDORA\", value:\"2012-7948\");\n\n script_name(english:\"Fedora 17 : pidgin-otr-3.2.1-1.fc17 (2012-7948)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New release addresses Format string vulnerability CVE-2012-2369\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080969.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c754a0f8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin-otr package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pidgin-otr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"pidgin-otr-3.2.1-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin-otr\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:26", "description": "The version of Pidgin OTR (Off-the-Record) installed on the remote Windows host is prior to 3.2.1 and is, therefore, affected by a format string vulnerability that could allow a remote attacker to execute arbitrary code on the affected host.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-18T00:00:00", "type": "nessus", "title": "Pidgin OTR < 3.2.1 Format String", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2019-12-04T00:00:00", "cpe": ["cpe:/a:otr:pidgin-otr"], "id": "PIDGIN_OTR_3_2_1.NASL", "href": "https://www.tenable.com/plugins/nessus/59195", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59195);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/12/04\");\n\n script_cve_id(\"CVE-2012-2369\");\n script_bugtraq_id(53557);\n\n script_name(english:\"Pidgin OTR < 3.2.1 Format String\");\n script_summary(english:\"Checks version of Pidgin OTR\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by a\nremote format string vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Pidgin OTR (Off-the-Record) installed on the remote\nWindows host is prior to 3.2.1 and is, therefore, affected by a format\nstring vulnerability that could allow a remote attacker to execute\narbitrary code on the affected host.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://otr.cypherpunks.ca/index.php#news\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/oss-sec/2012/q2/335\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Pidgin OTR 3.2.1 or higher.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-2369\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:otr:pidgin-otr\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pidgin_otr_installed.nasl\");\n script_require_keys(\"SMB/Pidgin_OTR/Installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\n\nappname = \"Pidgin OTR\";\nkb_base = \"SMB/Pidgin_OTR/\";\n\nget_kb_item_or_exit(kb_base + \"Installed\");\nver_str = get_kb_item_or_exit(kb_base + \"Version\");\npath = get_kb_item_or_exit(kb_base + \"Path\");\n\n# 3.2.1-1 -> 3.2.1, drop revision information if present\n# we don't need it for check\nitem = eregmatch(pattern:\"([0-9\\.]+)\", string:ver_str);\nversion = item[1];\n\nfix = \"3.2.1\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{ \n port = get_kb_item(\"SMB/transport\");\n\n if (report_verbosity > 0)\n {\n report = '\\n Path : ' + path + \n '\\n Installed version : ' + ver_str +\n '\\n Fixed version : 3.2.1\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n} \nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, ver_str, path);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:49:35", "description": "pidgin-otr was prone to a format string flaw in log_message_cb", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : pidgin-otr (openSUSE-SU-2012:0717-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:pidgin-otr", "p-cpe:/a:novell:opensuse:pidgin-otr-debuginfo", "p-cpe:/a:novell:opensuse:pidgin-otr-debugsource", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-314.NASL", "href": "https://www.tenable.com/plugins/nessus/74646", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-314.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74646);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2369\");\n\n script_name(english:\"openSUSE Security Update : pidgin-otr (openSUSE-SU-2012:0717-1)\");\n script_summary(english:\"Check for the openSUSE-2012-314 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"pidgin-otr was prone to a format string flaw in log_message_cb\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=762498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-06/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin-otr packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-otr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-otr-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-otr-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-otr-3.2.0-151.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-otr-debuginfo-3.2.0-151.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-otr-debugsource-3.2.0-151.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pidgin-otr / pidgin-otr-debuginfo / pidgin-otr-debugsource\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:19", "description": "intrigeri discovered a format string error in pidgin-otr, an Off-the-Record Messaging plugin for Pidgin.\n\nThis could be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine.\n\nThe problem is only in pidgin-otr. Other applications which use libotr are not affected.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-22T00:00:00", "type": "nessus", "title": "Debian DSA-2476-1 : pidgin-otr - format string vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:pidgin-otr", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2476.NASL", "href": "https://www.tenable.com/plugins/nessus/59215", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2476. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59215);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2369\");\n script_xref(name:\"DSA\", value:\"2476\");\n\n script_name(english:\"Debian DSA-2476-1 : pidgin-otr - format string vulnerability\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"intrigeri discovered a format string error in pidgin-otr, an\nOff-the-Record Messaging plugin for Pidgin.\n\nThis could be exploited by a remote attacker to cause arbitrary code\nto be executed on the user's machine.\n\nThe problem is only in pidgin-otr. Other applications which use libotr\nare not affected.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/pidgin-otr\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2476\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pidgin-otr packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.0-5+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pidgin-otr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"pidgin-otr\", reference:\"3.2.0-5+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:58:30", "description": "The authors report :\n\nVersions 3.2.0 and earlier of the pidgin-otr plugin contain a format string security flaw. This flaw could potentially be exploited by a remote attacker to cause arbitrary code to be executed on the user's machine.\n\nThe flaw is in pidgin-otr, not in libotr. Other applications that use libotr are not affected.", "cvss3": {"score": null, "vector": null}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "FreeBSD : pidgin-otr -- format string vulnerability (aa71daaa-9f8c-11e1-bd0a-0082a0c18826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:pidgin-otr", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_AA71DAAA9F8C11E1BD0A0082A0C18826.NASL", "href": "https://www.tenable.com/plugins/nessus/59168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59168);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2369\");\n\n script_name(english:\"FreeBSD : pidgin-otr -- format string vulnerability (aa71daaa-9f8c-11e1-bd0a-0082a0c18826)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The authors report :\n\nVersions 3.2.0 and earlier of the pidgin-otr plugin contain a format\nstring security flaw. This flaw could potentially be exploited by a\nremote attacker to cause arbitrary code to be executed on the user's\nmachine.\n\nThe flaw is in pidgin-otr, not in libotr. Other applications that use\nlibotr are not affected.\"\n );\n # http://www.cypherpunks.ca/otr/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://otr.cypherpunks.ca/\"\n );\n # https://vuxml.freebsd.org/freebsd/aa71daaa-9f8c-11e1-bd0a-0082a0c18826.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbc540c3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pidgin-otr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"pidgin-otr<3.2.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:56:00", "description": "A format string flaw in pidgin-otr could have caused a denial of service condition or even potentially allowed attackers to execute arbitrary code. This has been fixed.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : pidgin-otr (SAT Patch Number 6380)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:pidgin-otr", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_PIDGIN-OTR-120604.NASL", "href": "https://www.tenable.com/plugins/nessus/64212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64212);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2369\");\n\n script_name(english:\"SuSE 11.1 Security Update : pidgin-otr (SAT Patch Number 6380)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A format string flaw in pidgin-otr could have caused a denial of\nservice condition or even potentially allowed attackers to execute\narbitrary code. This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=762498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2369.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6380.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pidgin-otr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"pidgin-otr-3.2.0-1.40.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"pidgin-otr-3.2.0-1.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:26:30", "description": "A format string flaw in pidgin-otr could have caused a\n denial of service condition or even potentially allowed\n attackers to execute arbitrary code. This has been fixed.\n", "cvss3": {}, "published": "2012-06-06T03:08:27", "type": "suse", "title": "Security update for pidgin-otr (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-2369"], "modified": "2012-06-06T03:08:27", "id": "SUSE-SU-2012:0703-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00003.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T12:17:28", "description": "Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.", "cvss3": {}, "published": "2012-05-23T20:55:00", "type": "cve", "title": "CVE-2012-2369", "cwe": ["CWE-134"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2369"], "modified": "2018-01-06T02:29:00", "cpe": ["cpe:/a:cypherpunks:pidgin-otr:3.2.0"], "id": "CVE-2012-2369", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2369", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:cypherpunks:pidgin-otr:3.2.0:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2022-01-19T16:03:49", "description": "\n\nThe authors report:\n\nVersions 3.2.0 and earlier of the pidgin-otr plugin contain\n\t a format string security flaw. This flaw could potentially be\n\t exploited by a remote attacker to cause arbitrary code to be\n\t executed on the user's machine.\nThe flaw is in pidgin-otr, not in libotr. Other applications\n\t that use libotr are not affected.\n\n\n", "cvss3": {}, "published": "2012-05-16T00:00:00", "type": "freebsd", "title": "pidgin-otr -- format string vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2369"], "modified": "2012-05-16T00:00:00", "id": "AA71DAAA-9F8C-11E1-BD0A-0082A0C18826", "href": "https://vuxml.freebsd.org/freebsd/aa71daaa-9f8c-11e1-bd0a-0082a0c18826.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:30:47", "description": "\nintrigeri discovered a format string error in pidgin-otr, an Off-the-Record\nMessaging plugin for Pidgin.\n\n\nThis could be exploited by a remote attacker to cause arbitrary code to\nbe executed on the user's machine.\n\n\nThe problem is only in pidgin-otr. Other applications which use libotr are\nnot affected.\n\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.0-5+squeeze1.\n\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 3.2.1-1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.2.1-1.\n\n\nWe recommend that you upgrade your pidgin-otr packages.\n\n\n", "cvss3": {}, "published": "2012-05-19T00:00:00", "type": "osv", "title": "pidgin-otr - format string vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2369"], "modified": "2022-07-21T05:47:43", "id": "OSV:DSA-2476-1", "href": "https://osv.dev/vulnerability/DSA-2476-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "description": "This is a Pidgin plugin which implements Off-the-Record (OTR) Messaging. It is known to work (at least) under the Linux and Windows versions of Pidgin. ", "cvss3": {}, "published": "2012-05-18T10:36:53", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: pidgin-otr-3.2.1-1.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2369"], "modified": "2012-05-18T10:36:53", "id": "FEDORA:240DC20AA6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W65CO6NTLGL6RTXBWYV3XAEMG5IYHFD4/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "description": "This is a Pidgin plugin which implements Off-the-Record (OTR) Messaging. It is known to work (at least) under the Linux and Windows versions of Pidgin. ", "cvss3": {}, "published": "2012-05-26T07:23:19", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: pidgin-otr-3.2.1-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2369"], "modified": "2012-05-26T07:23:19", "id": "FEDORA:F3008215A7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7FAMD6F6AIPET62H3R5KMFLMKJG55E3B/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:30:07", "description": "Format string vulnerability in the log_message_cb function in otr-plugin.c\nin the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for\nPidgin might allow remote attackers to execute arbitrary code via format\nstring specifiers in data that generates a log message.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673154>\n * <https://bugs.launchpad.net/ubuntu/+source/pidgin-otr/+bug/1000363>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | should be mitigated by -D_FORTIFY_SOURCE=2\n", "cvss3": {}, "published": "2012-05-23T00:00:00", "type": "ubuntucve", "title": "CVE-2012-2369", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2369"], "modified": "2012-05-23T00:00:00", "id": "UB:CVE-2012-2369", "href": "https://ubuntu.com/security/CVE-2012-2369", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T06:01:41", "description": "Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.", "cvss3": {}, "published": "2012-05-23T20:55:00", "type": "debiancve", "title": "CVE-2012-2369", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2369"], "modified": "2012-05-23T20:55:00", "id": "DEBIANCVE:CVE-2012-2369", "href": "https://security-tracker.debian.org/tracker/CVE-2012-2369", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
FreeBSD Ports: pidgin-otr
