Lucene search

K

PRIOn knowledge basePRION:CVE-2009-3026

HistoryAug 31, 2009 - 8:30 p.m.

Design/Logic Flaw

2009-08-3120:30:00

PRIOn knowledge base

www.prio-n.com

5

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.3%

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the “require TLS/SSL” preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

CPENameOperatorVersion
pidgineq2.6.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891

developer.pidgin.im/ticket/8131

developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279

secunia.com/advisories/37071

www.openwall.com/lists/oss-security/2009/08/24/2

www.securityfocus.com/bid/36368

exchange.xforce.ibmcloud.com/vulnerabilities/53000

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.3%

Related for PRION:CVE-2009-3026

veracode1 cvelist1 debiancve1 ubuntucve1 cve1 openvas22 nessus18 securityvulns2 gentoo1 redhat1 centos1 oraclelinux1