{"cve": [{"lastseen": "2018-01-18T11:54:59", "bulletinFamily": "NVD", "description": "The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.", "modified": "2018-01-17T21:29:01", "published": "2012-03-15T06:55:01", "id": "CVE-2011-4939", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4939", "title": "CVE-2011-4939", "type": "cve", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:55:07", "bulletinFamily": "NVD", "description": "The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding.", "modified": "2018-01-17T21:29:12", "published": "2012-03-15T06:55:01", "id": "CVE-2012-1178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1178", "title": "CVE-2012-1178", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:029\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : pidgin\r\n Date : March 16, 2012\r\n Affected: 2011., Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in pidgin:\r\n \r\n The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin\r\n before 2.10.2 allows 
remote attackers to cause a denial of service\r\n (NULL pointer dereference and application crash) by changing a nickname\r\n while in an XMPP chat room (CVE-2011-4939).\r\n \r\n The msn_oim_report_to_user function in oim.c in the MSN protocol\r\n plugin in libpurple in Pidgin before 2.10.2 allows remote servers to\r\n cause a denial of service (application crash) via an OIM message that\r\n lacks UTF-8 encoding (CVE-2012-1178).\r\n \r\n This update provides pidgin 2.10.2, which is not vulnerable to\r\n these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4939\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1178\r\n http://www.pidgin.im/news/security/\r\n http://pidgin.im/news/security/?id=60\r\n http://pidgin.im/news/security/?id=61\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFPYvMjmqjQ0CJFipgRAvgOAJ0XpDNHUxenK3wPbl1HnGsbboIS1ACgyTMA\r\n+23QTOHoHQuUnBhtXSsUYCg=\r\n=HVjt\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-03-17T00:00:00", "published": "2012-03-17T00:00:00", "id": "SECURITYVULNS:DOC:27759", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27759", "title": "[ MDVSA-2012:029 ] pidgin", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], 
"nessus": [{"lastseen": "2019-01-16T20:14:40", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been discovered and corrected in pidgin :\n\nThe pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin\nbefore 2.10.2 allows remote attackers to cause a denial of service\n(NULL pointer dereference and application crash) by changing a\nnickname while in an XMPP chat room (CVE-2011-4939).\n\nThe msn_oim_report_to_user function in oim.c in the MSN protocol\nplugin in libpurple in Pidgin before 2.10.2 allows remote servers to\ncause a denial of service (application crash) via an OIM message that\nlacks UTF-8 encoding (CVE-2012-1178).\n\nThis update provides pidgin 2.10.2, which is not vulnerable to these\nissues.", "modified": "2018-07-19T00:00:00", "published": "2012-09-06T00:00:00", "id": "MANDRIVA_MDVSA-2012-029.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61945", "title": "Mandriva Linux Security Advisory : pidgin (MDVSA-2012:029)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:029. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61945);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2011-4939\", \"CVE-2012-1178\");\n script_bugtraq_id(52475, 52476);\n script_xref(name:\"MDVSA\", value:\"2012:029\");\n\n script_name(english:\"Mandriva Linux Security Advisory : pidgin (MDVSA-2012:029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in pidgin :\n\nThe pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin\nbefore 2.10.2 allows remote attackers to cause a denial of service\n(NULL pointer dereference and application crash) by changing a\nnickname while in an XMPP chat room (CVE-2011-4939).\n\nThe msn_oim_report_to_user function in oim.c in the MSN protocol\nplugin in libpurple in Pidgin before 2.10.2 allows remote servers to\ncause a denial of service (application crash) via an OIM message that\nlacks UTF-8 encoding (CVE-2012-1178).\n\nThis update provides pidgin 2.10.2, which is not vulnerable to these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/?id=60\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://pidgin.im/news/security/?id=61\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pidgin.im/news/security/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits 
are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64finch0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64purple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64purple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfinch0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpurple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-bonjour\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-gevolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-silc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:pidgin-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"finch-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64finch0-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64purple-devel-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64purple0-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfinch0-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libpurple-devel-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libpurple0-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-bonjour-2.10.2-0.1-mdv2011.0\", 
yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-client-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-gevolution-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-i18n-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-meanwhile-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-perl-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-plugins-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-silc-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"pidgin-tcl-2.10.2-0.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:13:30", "bulletinFamily": "scanner", "description": "The version of Pidgin installed on the remote host is earlier than\n2.10.2 and is potentially affected by the following issues :\n\n - A denial of service vulnerability (NULL pointer \n dereference) in the 'pidgin_conv_chat_rename_user' \n function in 'gtkconv.c'. Remote attackers can trigger \n the vulnerability by performing certain types of \n nickname changes while in an XMPP chat room. \n (CVE-2011-4939)\n\n - The msn_oim_report_to_user function in oim.c allows \n remote servers to cause an application crash by \n sending an OIM message without UTF-8 encoding. 
\n (CVE-2012-1178)", "modified": "2018-11-15T00:00:00", "published": "2012-03-21T00:00:00", "id": "PIDGIN_2_10_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58410", "title": "Pidgin < 2.10.2 Multiple DoS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58410);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2011-4939\", \"CVE-2012-1178\");\n script_bugtraq_id(52475, 52476);\n\n script_name(english:\"Pidgin < 2.10.2 Multiple DoS\");\n script_summary(english:\"Does a version check\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"An instant messaging client installed on the remote Windows host is\npotentially affected by multiple denial of service vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Pidgin installed on the remote host is earlier than\n2.10.2 and is potentially affected by the following issues :\n\n - A denial of service vulnerability (NULL pointer \n dereference) in the 'pidgin_conv_chat_rename_user' \n function in 'gtkconv.c'. Remote attackers can trigger \n the vulnerability by performing certain types of \n nickname changes while in an XMPP chat room. \n (CVE-2011-4939)\n\n - The msn_oim_report_to_user function in oim.c allows \n remote servers to cause an application crash by \n sending an OIM message without UTF-8 encoding. 
\n (CVE-2012-1178)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://developer.pidgin.im/ticket/14392\");\n script_set_attribute(attribute:\"see_also\", value:\"http://pidgin.im/news/security/?id=60\");\n script_set_attribute(attribute:\"see_also\", value:\"http://pidgin.im/news/security/?id=61\");\n script_set_attribute(attribute:\"see_also\", value:\"https://developer.pidgin.im/ticket/14884\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Pidgin 2.10.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pidgin:pidgin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"pidgin_installed.nasl\");\n script_require_keys(\"SMB/Pidgin/Version\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npath = get_kb_item_or_exit(\"SMB/Pidgin/Path\");\nversion = get_kb_item_or_exit(\"SMB/Pidgin/Version\");\nfixed_version = '2.10.2';\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + 
fixed_version + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse exit(0, \"The Pidgin \" + version + \" install under \" + path + \" is not affected.\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:18:41", "bulletinFamily": "scanner", "description": "Changes in pidgin :\n\n - Fixing bnc#752275, CVE-2012-1178: Pidgin fails to verify\n the text's utf-8 encoding", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2012-432.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74688", "title": "openSUSE Security Update : pidgin (openSUSE-SU-2012:0905-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-432.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74688);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2012-1178\");\n\n script_name(english:\"openSUSE Security Update : pidgin (openSUSE-SU-2012:0905-1)\");\n script_summary(english:\"Check for the openSUSE-2012-432 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Changes in pidgin :\n\n - Fixing bnc#752275, CVE-2012-1178: Pidgin fails to verify\n the text's utf-8 encoding\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-07/msg00041.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin 
packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-meanwhile-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpurple-tcl-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pidgin-evolution-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4|SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4 / 12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"finch-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"finch-debuginfo-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"finch-devel-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-debuginfo-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-devel-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"libpurple-lang-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-meanwhile-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-meanwhile-debuginfo-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-tcl-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpurple-tcl-debuginfo-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-debuginfo-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-debugsource-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-devel-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-evolution-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"pidgin-evolution-debuginfo-2.7.10-4.50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"finch-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"finch-debuginfo-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"finch-devel-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-branding-upstream-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-debuginfo-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-devel-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-lang-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-meanwhile-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-meanwhile-debuginfo-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", 
reference:\"libpurple-tcl-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpurple-tcl-debuginfo-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-debuginfo-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-debugsource-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-devel-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-evolution-2.10.1-8.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"pidgin-evolution-debuginfo-2.10.1-8.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-debuginfo / finch-devel / libpurple / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:13:35", "bulletinFamily": "scanner", "description": "US-CERT reports :\n\nThe msn_oim_report_to_user function in oim.c in the MSN protocol\nplugin in libpurple in Pidgin before 2.10.2 allows remote servers to\ncause a denial of service (application crash) via an OIM message that\nlacks UTF-8 encoding.", "modified": "2018-11-10T00:00:00", "published": "2012-04-02T00:00:00", "id": "FREEBSD_PKG_7289214F7C5511E1AB3B000BCDF0A03B.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58556", "title": "FreeBSD : libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding (7289214f-7c55-11e1-ab3b-000bcdf0a03b)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML 
database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58556);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2012-1178\");\n\n script_name(english:\"FreeBSD : libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding (7289214f-7c55-11e1-ab3b-000bcdf0a03b)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"US-CERT reports :\n\nThe msn_oim_report_to_user function in oim.c in the MSN protocol\nplugin in libpurple in Pidgin before 2.10.2 allows remote servers to\ncause a denial of service (application crash) via an OIM message that\nlacks UTF-8 encoding.\"\n );\n # https://vuxml.freebsd.org/freebsd/7289214f-7c55-11e1-ab3b-000bcdf0a03b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8141149b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libpurple<2.10.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:14:02", "bulletinFamily": "scanner", "description": "Evgeny Boger discovered that Pidgin incorrectly handled buddy list\nmessages in the AIM and ICQ protocol handlers. A remote attacker could\nsend a specially crafted message and cause Pidgin to crash, leading to\na denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04\nand 11.10. (CVE-2011-4601)\n\nThijs Alkemade discovered that Pidgin incorrectly handled malformed\nvoice and video chat requests in the XMPP protocol handler. A remote\nattacker could send a specially crafted message and cause Pidgin to\ncrash, leading to a denial of service. 
This issue only affected Ubuntu\n10.04 LTS, 11.04 and 11.10. (CVE-2011-4602)\n\nDiego Bauche Madero discovered that Pidgin incorrectly handled UTF-8\nsequences in the SILC protocol handler. A remote attacker could send a\nspecially crafted message and cause Pidgin to crash, leading to a\ndenial of service. This issue only affected Ubuntu 10.04 LTS, 11.04\nand 11.10. (CVE-2011-4603)\n\nJulia Lawall discovered that Pidgin incorrectly cleared memory\ncontents used in cryptographic operations. An attacker could exploit\nthis to read the memory contents, leading to an information\ndisclosure. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-4922)\n\nClemens Huebner and Kevin Stange discovered that Pidgin incorrectly\nhandled nickname changes inside chat rooms in the XMPP protocol\nhandler. A remote attacker could exploit this by changing nicknames,\nleading to a denial of service. This issue only affected Ubuntu 11.10.\n(CVE-2011-4939)\n\nThijs Alkemade discovered that Pidgin incorrectly handled off-line\ninstant messages in the MSN protocol handler. A remote attacker could\nsend a specially crafted message and cause Pidgin to crash, leading to\na denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04\nand 11.10. (CVE-2012-1178)\n\nJose Valentin Gutierrez discovered that Pidgin incorrectly handled\nSOCKS5 proxy connections during file transfer requests in the XMPP\nprotocol handler. A remote attacker could send a specially crafted\nrequest and cause Pidgin to crash, leading to a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and 11.10. (CVE-2012-2214)\n\nFabian Yamaguchi discovered that Pidgin incorrectly handled malformed\nmessages in the MSN protocol handler. A remote attacker could send a\nspecially crafted message and cause Pidgin to crash, leading to a\ndenial of service. (CVE-2012-2318)\n\nUlf Harnhammar discovered that Pidgin incorrectly handled messages\nwith in-line images in the MXit protocol handler. 
A remote attacker\ncould send a specially crafted message and possibly execute arbitrary\ncode with user privileges. (CVE-2012-3374).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2012-07-10T00:00:00", "id": "UBUNTU_USN-1500-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59903", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : pidgin vulnerabilities (USN-1500-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1500-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59903);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2011-4601\", \"CVE-2011-4602\", \"CVE-2011-4603\", \"CVE-2011-4922\", \"CVE-2011-4939\", \"CVE-2012-1178\", \"CVE-2012-2214\", \"CVE-2012-2318\", \"CVE-2012-3374\");\n script_bugtraq_id(46307, 51010, 51070, 51074, 52475, 52476, 53400, 53706, 54322);\n script_xref(name:\"USN\", value:\"1500-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : pidgin vulnerabilities (USN-1500-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Evgeny Boger discovered that Pidgin incorrectly handled buddy list\nmessages in the AIM and ICQ protocol handlers. 
A remote attacker could\nsend a specially crafted message and cause Pidgin to crash, leading to\na denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04\nand 11.10. (CVE-2011-4601)\n\nThijs Alkemade discovered that Pidgin incorrectly handled malformed\nvoice and video chat requests in the XMPP protocol handler. A remote\nattacker could send a specially crafted message and cause Pidgin to\ncrash, leading to a denial of service. This issue only affected Ubuntu\n10.04 LTS, 11.04 and 11.10. (CVE-2011-4602)\n\nDiego Bauche Madero discovered that Pidgin incorrectly handled UTF-8\nsequences in the SILC protocol handler. A remote attacker could send a\nspecially crafted message and cause Pidgin to crash, leading to a\ndenial of service. This issue only affected Ubuntu 10.04 LTS, 11.04\nand 11.10. (CVE-2011-4603)\n\nJulia Lawall discovered that Pidgin incorrectly cleared memory\ncontents used in cryptographic operations. An attacker could exploit\nthis to read the memory contents, leading to an information\ndisclosure. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-4922)\n\nClemens Huebner and Kevin Stange discovered that Pidgin incorrectly\nhandled nickname changes inside chat rooms in the XMPP protocol\nhandler. A remote attacker could exploit this by changing nicknames,\nleading to a denial of service. This issue only affected Ubuntu 11.10.\n(CVE-2011-4939)\n\nThijs Alkemade discovered that Pidgin incorrectly handled off-line\ninstant messages in the MSN protocol handler. A remote attacker could\nsend a specially crafted message and cause Pidgin to crash, leading to\na denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04\nand 11.10. (CVE-2012-1178)\n\nJose Valentin Gutierrez discovered that Pidgin incorrectly handled\nSOCKS5 proxy connections during file transfer requests in the XMPP\nprotocol handler. 
A remote attacker could send a specially crafted\nrequest and cause Pidgin to crash, leading to a denial of service.\nThis issue only affected Ubuntu 12.04 LTS and 11.10. (CVE-2012-2214)\n\nFabian Yamaguchi discovered that Pidgin incorrectly handled malformed\nmessages in the MSN protocol handler. A remote attacker could send a\nspecially crafted message and cause Pidgin to crash, leading to a\ndenial of service. (CVE-2012-2318)\n\nUlf Harnhammar discovered that Pidgin incorrectly handled messages\nwith in-line images in the MXit protocol handler. A remote attacker\ncould send a specially crafted message and possibly execute arbitrary\ncode with user privileges. (CVE-2012-3374).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1500-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected finch, libpurple0 and / or pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpurple0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"finch\", pkgver:\"1:2.6.6-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libpurple0\", pkgver:\"1:2.6.6-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"pidgin\", pkgver:\"1:2.6.6-1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"finch\", pkgver:\"1:2.7.11-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libpurple0\", pkgver:\"1:2.7.11-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"pidgin\", pkgver:\"1:2.7.11-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"finch\", pkgver:\"1:2.10.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libpurple0\", pkgver:\"1:2.10.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"pidgin\", pkgver:\"1:2.10.0-0ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"finch\", pkgver:\"1:2.10.3-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libpurple0\", pkgver:\"1:2.10.3-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"pidgin\", pkgver:\"1:2.10.3-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / libpurple0 / pidgin\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:14:00", "bulletinFamily": "scanner", "description": "Various remote triggerable crashes in pidgin have been fixed :\n\n - In 
some situations the MSN server sends text that isn't\n UTF-8 encoded, and Pidgin fails to verify the text's\n encoding. In some cases this can lead to a crash when\n attempting to display the text (). (CVE-2012-1178)\n\n - Incoming messages with certain characters or character\n encodings can cause clients to crash. (CVE-2012-1178 /\n CVE-2012-2318)\n\n - A series of specially crafted file transfer requests can\n cause clients to reference invalid memory. The user must\n have accepted one of the file transfer requests.\n (CVE-2012-2214)", "modified": "2012-06-25T00:00:00", "published": "2012-06-25T00:00:00", "id": "SUSE_FINCH-8131.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59682", "title": "SuSE 10 Security Update : finch, libpurple, and pidgin (ZYPP Patch Number 8131)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59682);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2012/06/25 10:34:51 $\");\n\n script_cve_id(\"CVE-2012-1178\", \"CVE-2012-2214\", \"CVE-2012-2318\");\n\n script_name(english:\"SuSE 10 Security Update : finch, libpurple, and pidgin (ZYPP Patch Number 8131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various remote triggerable crashes in pidgin have been fixed :\n\n - In some situations the MSN server sends text that isn't\n UTF-8 encoded, and Pidgin fails to verify the text's\n encoding. In some cases this can lead to a crash when\n attempting to display the text (). (CVE-2012-1178)\n\n - Incoming messages with certain characters or character\n encodings can cause clients to crash. 
(CVE-2012-1178 /\n CVE-2012-2318)\n\n - A series of specially crafted file transfer requests can\n cause clients to reference invalid memory. The user must\n have accepted one of the file transfer requests.\n (CVE-2012-2214)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2318.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8131.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") 
exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"finch-2.6.6-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libpurple-2.6.6-0.16.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"pidgin-2.6.6-0.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:14:05", "bulletinFamily": "scanner", "description": "Updated pidgin packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA flaw was found in the way the Pidgin MSN protocol plug-in processed\ntext that was not encoded in UTF-8. A remote attacker could use this\nflaw to crash Pidgin by sending a specially crafted MSN message.\n(CVE-2012-1178)\n\nAn input validation flaw was found in the way the Pidgin MSN protocol\nplug-in handled MSN notification messages. A malicious server or a\nremote attacker could use this flaw to crash Pidgin by sending a\nspecially crafted MSN notification message. 
(CVE-2012-2318)\n\nA buffer overflow flaw was found in the Pidgin MXit protocol plug-in.\nA remote attacker could use this flaw to crash Pidgin by sending a\nMXit message containing specially crafted emoticon tags.\n(CVE-2012-3374)\n\nRed Hat would like to thank the Pidgin project for reporting the\nCVE-2012-3374 issue. Upstream acknowledges Ulf Harnhammar as the\noriginal reporter of CVE-2012-3374.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "modified": "2018-11-10T00:00:00", "published": "2012-07-20T00:00:00", "id": "CENTOS_RHSA-2012-1102.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60067", "title": "CentOS 5 / 6 : pidgin (CESA-2012:1102)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1102 and \n# CentOS Errata and Security Advisory 2012:1102 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60067);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2012-1178\", \"CVE-2012-2318\", \"CVE-2012-3374\");\n script_bugtraq_id(52475, 53400, 54322);\n script_xref(name:\"RHSA\", value:\"2012:1102\");\n\n script_name(english:\"CentOS 5 / 6 : pidgin (CESA-2012:1102)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated pidgin packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA flaw was found in the way the Pidgin MSN protocol plug-in processed\ntext that was not encoded in UTF-8. A remote attacker could use this\nflaw to crash Pidgin by sending a specially crafted MSN message.\n(CVE-2012-1178)\n\nAn input validation flaw was found in the way the Pidgin MSN protocol\nplug-in handled MSN notification messages. A malicious server or a\nremote attacker could use this flaw to crash Pidgin by sending a\nspecially crafted MSN notification message. (CVE-2012-2318)\n\nA buffer overflow flaw was found in the Pidgin MXit protocol plug-in.\nA remote attacker could use this flaw to crash Pidgin by sending a\nMXit message containing specially crafted emoticon tags.\n(CVE-2012-3374)\n\nRed Hat would like to thank the Pidgin project for reporting the\nCVE-2012-3374 issue. Upstream acknowledges Ulf Harnhammar as the\noriginal reporter of CVE-2012-3374.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
Pidgin must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018756.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ae4d08e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018757.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b7a5e015\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"finch-devel-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-devel-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-perl-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"libpurple-tcl-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-devel-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"pidgin-perl-2.6.6-11.el5.4\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"finch-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"finch-devel-2.7.9-5.el6.2\")) 
flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libpurple-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libpurple-devel-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libpurple-perl-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libpurple-tcl-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"pidgin-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"pidgin-devel-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"pidgin-docs-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"pidgin-perl-2.7.9-5.el6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:14:32", "bulletinFamily": "scanner", "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA flaw was found in the way the Pidgin MSN protocol plug-in processed\ntext that was not encoded in UTF-8. A remote attacker could use this\nflaw to crash Pidgin by sending a specially crafted MSN message.\n(CVE-2012-1178)\n\nAn input validation flaw was found in the way the Pidgin MSN protocol\nplug-in handled MSN notification messages. A malicious server or a\nremote attacker could use this flaw to crash Pidgin by sending a\nspecially crafted MSN notification message. 
(CVE-2012-2318)\n\nA buffer overflow flaw was found in the Pidgin MXit protocol plug-in.\nA remote attacker could use this flaw to crash Pidgin by sending a\nMXit message containing specially crafted emoticon tags.\n(CVE-2012-3374)\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "modified": "2018-12-31T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20120719_PIDGIN_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61370", "title": "Scientific Linux Security Update : pidgin on SL5.x, SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61370);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2012-1178\", \"CVE-2012-2318\", \"CVE-2012-3374\");\n\n script_name(english:\"Scientific Linux Security Update : pidgin on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA flaw was found in the way the Pidgin MSN protocol plug-in processed\ntext that was not encoded in UTF-8. A remote attacker could use this\nflaw to crash Pidgin by sending a specially crafted MSN message.\n(CVE-2012-1178)\n\nAn input validation flaw was found in the way the Pidgin MSN protocol\nplug-in handled MSN notification messages. 
A malicious server or a\nremote attacker could use this flaw to crash Pidgin by sending a\nspecially crafted MSN notification message. (CVE-2012-2318)\n\nA buffer overflow flaw was found in the Pidgin MXit protocol plug-in.\nA remote attacker could use this flaw to crash Pidgin by sending a\nMXit message containing specially crafted emoticon tags.\n(CVE-2012-3374)\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1207&L=scientific-linux-errata&T=0&P=5724\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b520df42\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"finch-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"finch-devel-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-devel-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-perl-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libpurple-tcl-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-debuginfo-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-devel-2.6.6-11.el5.4\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"pidgin-perl-2.6.6-11.el5.4\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"finch-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"finch-devel-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpurple-2.7.9-5.el6.2\")) flag++;\nif 
(rpm_check(release:\"SL6\", reference:\"libpurple-devel-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpurple-perl-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libpurple-tcl-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pidgin-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pidgin-debuginfo-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pidgin-devel-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pidgin-docs-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"pidgin-perl-2.7.9-5.el6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:49", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:1102 :\n\nUpdated pidgin packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA flaw was found in the way the Pidgin MSN protocol plug-in processed\ntext that was not encoded in UTF-8. A remote attacker could use this\nflaw to crash Pidgin by sending a specially crafted MSN message.\n(CVE-2012-1178)\n\nAn input validation flaw was found in the way the Pidgin MSN protocol\nplug-in handled MSN notification messages. 
A malicious server or a\nremote attacker could use this flaw to crash Pidgin by sending a\nspecially crafted MSN notification message. (CVE-2012-2318)\n\nA buffer overflow flaw was found in the Pidgin MXit protocol plug-in.\nA remote attacker could use this flaw to crash Pidgin by sending a\nMXit message containing specially crafted emoticon tags.\n(CVE-2012-3374)\n\nRed Hat would like to thank the Pidgin project for reporting the\nCVE-2012-3374 issue. Upstream acknowledges Ulf Harnhammar as the\noriginal reporter of CVE-2012-3374.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. Pidgin must be\nrestarted for this update to take effect.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2012-1102.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68584", "title": "Oracle Linux 6 : pidgin (ELSA-2012-1102)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1102 and \n# Oracle Linux Security Advisory ELSA-2012-1102 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68584);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2012-1178\", \"CVE-2012-2318\", \"CVE-2012-3374\");\n script_bugtraq_id(48425, 51010, 51070, 52475, 53400, 54322);\n script_xref(name:\"RHSA\", value:\"2012:1102\");\n\n script_name(english:\"Oracle Linux 6 : pidgin (ELSA-2012-1102)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1102 :\n\nUpdated pidgin packages that fix 
three security issues are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA flaw was found in the way the Pidgin MSN protocol plug-in processed\ntext that was not encoded in UTF-8. A remote attacker could use this\nflaw to crash Pidgin by sending a specially crafted MSN message.\n(CVE-2012-1178)\n\nAn input validation flaw was found in the way the Pidgin MSN protocol\nplug-in handled MSN notification messages. A malicious server or a\nremote attacker could use this flaw to crash Pidgin by sending a\nspecially crafted MSN notification message. (CVE-2012-2318)\n\nA buffer overflow flaw was found in the Pidgin MXit protocol plug-in.\nA remote attacker could use this flaw to crash Pidgin by sending a\nMXit message containing specially crafted emoticon tags.\n(CVE-2012-3374)\n\nRed Hat would like to thank the Pidgin project for reporting the\nCVE-2012-3374 issue. Upstream acknowledges Ulf Harnhammar as the\noriginal reporter of CVE-2012-3374.\n\nAll Pidgin users should upgrade to these updated packages, which\ncontain backported patches to resolve these issues. 
Pidgin must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002949.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pidgin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:finch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pidgin-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n 
script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"finch-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"finch-devel-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libpurple-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libpurple-devel-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libpurple-perl-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libpurple-tcl-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"pidgin-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"pidgin-devel-2.7.9-5.el6.2\")) flag++;\nif 
(rpm_check(release:\"EL6\", reference:\"pidgin-docs-2.7.9-5.el6.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"pidgin-perl-2.7.9-5.el6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"finch / finch-devel / libpurple / libpurple-devel / libpurple-perl / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:15:30", "bulletinFamily": "scanner", "description": "Various remote triggerable crashes in pidgin have been fixed :\n\n - In some situations the MSN server sends text that isn't\n UTF-8 encoded, and Pidgin fails to verify the text's\n encoding. In some cases this can lead to a crash when\n attempting to display the text (). (CVE-2012-1178)\n\n - Incoming messages with certain characters or character\n encodings can cause clients to crash. (CVE-2012-1178 /\n CVE-2012-2318)\n\n - A series of specially crafted file transfer requests can\n cause clients to reference invalid memory. The user must\n have accepted one of the file transfer requests.\n (CVE-2012-2214)", "modified": "2013-10-25T00:00:00", "published": "2013-01-25T00:00:00", "id": "SUSE_11_FINCH-120515.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64128", "title": "SuSE 11.1 Security Update : finch, libpurple and pidgin (SAT Patch Number 6294)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64128);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:41:53 $\");\n\n script_cve_id(\"CVE-2012-1178\", \"CVE-2012-2214\", \"CVE-2012-2318\");\n\n script_name(english:\"SuSE 11.1 Security Update : finch, libpurple and pidgin (SAT Patch Number 6294)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various remote triggerable crashes in pidgin have been fixed :\n\n - In some situations the MSN server sends text that isn't\n UTF-8 encoded, and Pidgin fails to verify the text's\n encoding. In some cases this can lead to a crash when\n attempting to display the text (). (CVE-2012-1178)\n\n - Incoming messages with certain characters or character\n encodings can cause clients to crash. (CVE-2012-1178 /\n CVE-2012-2318)\n\n - A series of specially crafted file transfer requests can\n cause clients to reference invalid memory. 
The user must\n have accepted one of the file transfer requests.\n (CVE-2012-2214)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=760890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=761155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2214.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-2318.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6294.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:finch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpurple\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpurple-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpurple-meanwhile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpurple-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:pidgin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"finch-2.6.6-0.15.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpurple-2.6.6-0.15.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpurple-lang-2.6.6-0.15.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpurple-meanwhile-2.6.6-0.15.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpurple-tcl-2.6.6-0.15.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"pidgin-2.6.6-0.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:56", "bulletinFamily": 
"scanner", "description": "This host is installed with Pidgin and is prone to multiple\n denial of service vulnerabilities.", "modified": "2017-04-12T00:00:00", "published": "2012-03-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=802713", "id": "OPENVAS:802713", "title": "Pidgin Multiple Denial of Service Vulnerabilities (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_pidgin_mult_dos_vuln_win.nasl 5940 2017-04-12 09:02:05Z teissa $\n#\n# Pidgin Multiple Denial of Service Vulnerabilities (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attacker to crash the affected\n application, denying service to legitimate users.\n Impact Level: Application\";\ntag_affected = \"Pidgin version prior to 2.10.2 on Windows\";\ntag_insight = \"The flaws are due to\n - A NULL pointer dereference error within the 'get_iter_from_chatbuddy()'\n function when handling nickname changes in XMPP chat rooms.\n - An error within the 'msn_oim_report_to_user()' function when handling\n UTF-8 encoded message.\";\ntag_solution = \"Upgrade to Pidgin version 2.10.2 or later,\n For updates refer to http://pidgin.im/download\";\ntag_summary = \"This host is installed with Pidgin and is prone to multiple\n denial of service vulnerabilities.\";\n\nif(description)\n{\n script_id(802713);\n script_version(\"$Revision: 5940 $\");\n script_cve_id(\"CVE-2012-1178\", \"CVE-2011-4939\");\n script_bugtraq_id(52475, 52476);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-12 11:02:05 +0200 (Wed, 12 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 17:45:29 +0530 (Mon, 19 Mar 2012)\");\n script_name(\"Pidgin Multiple Denial of Service Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/48303/\");\n script_xref(name : \"URL\" , value : \"http://pidgin.im/news/security/?id=61\");\n script_xref(name : \"URL\" , value : \"http://pidgin.im/news/security/?id=60\");\n script_xref(name : \"URL\" , value : 
\"http://developer.pidgin.im/ticket/14392\");\n script_xref(name : \"URL\" , value : \"http://developer.pidgin.im/ticket/14884\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_pidgin_detect_win.nasl\");\n script_require_keys(\"Pidgin/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\npidginVer = \"\";\n\npidginVer = get_kb_item(\"Pidgin/Win/Ver\");\nif(pidginVer != NULL)\n{\n if(version_is_less(version:pidginVer, test_version:\"2.10.2\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:23", "bulletinFamily": "scanner", "description": "Check for the Version of pidgin", "modified": "2017-12-29T00:00:00", "published": "2012-08-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831594", "id": "OPENVAS:831594", "title": "Mandriva Update for pidgin MDVSA-2012:029 (pidgin)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for pidgin MDVSA-2012:029 (pidgin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in pidgin:\n\n The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin\n before 2.10.2 allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) by changing a nickname\n while in an XMPP chat room (CVE-2011-4939).\n\n The msn_oim_report_to_user function in oim.c in the MSN protocol\n plugin in libpurple in Pidgin before 2.10.2 allows remote servers to\n cause a denial of service (application crash) via an OIM message that\n lacks UTF-8 encoding (CVE-2012-1178).\n\n This update provides pidgin 2.10.2, which is not vulnerable to\n these issues.\";\n\ntag_affected = \"pidgin on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:029\");\n script_id(831594);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:52:35 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-4939\", \"CVE-2012-1178\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:029\");\n script_name(\"Mandriva Update for pidgin MDVSA-2012:029 (pidgin)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", 
rpm:\"pidgin-client~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-22T16:43:43", "bulletinFamily": "scanner", "description": "This host is installed with Pidgin and is prone to multiple\n denial of service vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2012-03-19T00:00:00", "id": "OPENVAS:1361412562310802713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802713", "title": "Pidgin Multiple Denial of Service Vulnerabilities (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_pidgin_mult_dos_vuln_win.nasl 11857 2018-10-12 08:25:16Z cfischer $\n#\n# Pidgin Multiple Denial of Service Vulnerabilities (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the 
hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802713\");\n script_version(\"$Revision: 11857 $\");\n script_cve_id(\"CVE-2012-1178\", \"CVE-2011-4939\");\n script_bugtraq_id(52475, 52476);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:25:16 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 17:45:29 +0530 (Mon, 19 Mar 2012)\");\n script_name(\"Pidgin Multiple Denial of Service Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/48303/\");\n script_xref(name:\"URL\", value:\"http://pidgin.im/news/security/?id=61\");\n script_xref(name:\"URL\", value:\"http://pidgin.im/news/security/?id=60\");\n script_xref(name:\"URL\", value:\"http://developer.pidgin.im/ticket/14392\");\n script_xref(name:\"URL\", value:\"http://developer.pidgin.im/ticket/14884\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_pidgin_detect_win.nasl\");\n script_mandatory_keys(\"Pidgin/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to crash the affected\n application, denying service to legitimate users.\");\n script_tag(name:\"affected\", value:\"Pidgin version prior to 2.10.2 on 
Windows\");\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - A NULL pointer dereference error within the 'get_iter_from_chatbuddy()'\n function when handling nickname changes in XMPP chat rooms.\n\n - An error within the 'msn_oim_report_to_user()' function when handling\n UTF-8 encoded message.\");\n script_tag(name:\"solution\", value:\"Upgrade to Pidgin version 2.10.2 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Pidgin and is prone to multiple\n denial of service vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://pidgin.im/download\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\npidginVer = get_kb_item(\"Pidgin/Win/Ver\");\nif(pidginVer != NULL)\n{\n if(version_is_less(version:pidginVer, test_version:\"2.10.2\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:06:10", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310831594", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831594", "title": "Mandriva Update for pidgin MDVSA-2012:029 (pidgin)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for pidgin MDVSA-2012:029 (pidgin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:029\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831594\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:52:35 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-4939\", \"CVE-2012-1178\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:029\");\n script_name(\"Mandriva Update for pidgin MDVSA-2012:029 (pidgin)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pidgin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"pidgin on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n 
script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in pidgin:\n\n The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin\n before 2.10.2 allows remote attackers to cause a denial of service\n (NULL pointer dereference and application crash) by changing a nickname\n while in an XMPP chat room (CVE-2011-4939).\n\n The msn_oim_report_to_user function in oim.c in the MSN protocol\n plugin in libpurple in Pidgin before 2.10.2 allows remote servers to\n cause a denial of service (application crash) via an OIM message that\n lacks UTF-8 encoding (CVE-2012-1178).\n\n This update provides pidgin 2.10.2, which is not vulnerable to\n these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", 
rpm:\"pidgin-client~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.10.2~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libfinch0\", rpm:\"libfinch0~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple0\", rpm:\"libpurple0~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-bonjour\", rpm:\"pidgin-bonjour~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-client\", rpm:\"pidgin-client~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-gevolution\", rpm:\"pidgin-gevolution~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-i18n\", rpm:\"pidgin-i18n~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-meanwhile\", rpm:\"pidgin-meanwhile~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-plugins\", rpm:\"pidgin-plugins~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-silc\", rpm:\"pidgin-silc~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-tcl\", rpm:\"pidgin-tcl~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64finch0\", rpm:\"lib64finch0~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple0\", rpm:\"lib64purple0~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64purple-devel\", rpm:\"lib64purple-devel~2.10.2~0.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:30", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-13T00:00:00", "published": "2012-04-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71286", "id": "OPENVAS:71286", "title": "FreeBSD Ports: libpurple", "type": "openvas", "sourceData": "#\n#VID 7289214f-7c55-11e1-ab3b-000bcdf0a03b\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 7289214f-7c55-11e1-ab3b-000bcdf0a03b\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: libpurple\n\nCVE-2012-1178\nThe msn_oim_report_to_user function in oim.c in the MSN protocol\nplugin in libpurple in Pidgin before 2.10.2 allows remote servers to\ncause a denial of service (application crash) via an OIM message that\nlacks UTF-8 encoding.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71286);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1178\");\n script_version(\"$Revision: 5950 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-13 11:02:06 +0200 (Thu, 13 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: libpurple\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"libpurple\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.10.2\")<0) {\n txt += \"Package libpurple version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-08T12:46:32", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071286", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071286", "title": "FreeBSD Ports: libpurple", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_libpurple.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 7289214f-7c55-11e1-ab3b-000bcdf0a03b\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71286\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2012-1178\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: libpurple\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: libpurple\n\nCVE-2012-1178\nThe msn_oim_report_to_user function in oim.c in the MSN protocol\nplugin in libpurple in Pidgin before 2.10.2 allows remote servers to\ncause a denial of service (application crash) via an OIM message that\nlacks UTF-8 encoding.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"libpurple\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.10.2\")<0) {\n txt += \"Package libpurple version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:01:35", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1500-1", "modified": "2018-08-17T00:00:00", "published": "2012-07-10T00:00:00", "id": "OPENVAS:1361412562310841076", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841076", "title": "Ubuntu Update for pidgin USN-1500-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1500_1.nasl 11037 2018-08-17 11:51:16Z 
cfischer $\n#\n# Ubuntu Update for pidgin USN-1500-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1500-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841076\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-10 10:08:13 +0530 (Tue, 10 Jul 2012)\");\n script_cve_id(\"CVE-2011-4601\", \"CVE-2011-4602\", \"CVE-2011-4603\", \"CVE-2011-4922\",\n \"CVE-2011-4939\", \"CVE-2012-1178\", \"CVE-2012-2214\", \"CVE-2012-2318\",\n \"CVE-2012-3374\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1500-1\");\n script_name(\"Ubuntu Update for pidgin USN-1500-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1500-1\");\n script_tag(name:\"affected\", value:\"pidgin on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in\n the AIM and ICQ protocol handlers. A remote attacker could send a specially\n crafted message and cause Pidgin to crash, leading to a denial of service. This\n issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4601)\n\n Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and\n video chat requests in the XMPP protocol handler. A remote attacker could send\n a specially crafted message and cause Pidgin to crash, leading to a denial of\n service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10.\n (CVE-2011-4602)\n\n Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8\n sequences in the SILC protocol handler. A remote attacker could send a\n specially crafted message and cause Pidgin to crash, leading to a denial\n of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10.\n (CVE-2011-4603)\n\n Julia Lawall discovered that Pidgin incorrectly cleared memory contents used in\n cryptographic operations. An attacker could exploit this to read the memory\n contents, leading to an information disclosure. This issue only affected Ubuntu\n 10.04 LTS. (CVE-2011-4922)\n\n Clemens Huebner and Kevin Stange discovered that Pidgin incorrectly handled\n nickname changes inside chat rooms in the XMPP protocol handler. 
A remote\n attacker could exploit this by changing nicknames, leading to a denial of\n service. This issue only affected Ubuntu 11.10. (CVE-2011-4939)\n\n Thijs Alkemade discovered that Pidgin incorrectly handled off-line instant\n messages in the MSN protocol handler. A remote attacker could send a specially\n crafted message and cause Pidgin to crash, leading to a denial of service. This\n issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2012-1178)\n\n José Valentín Gutiérrez discovered that Pidgin incorrectly handled SOCKS5 proxy\n connections during file transfer requests in the XMPP protocol handler. A\n remote attacker could send a specially crafted request and cause Pidgin to\n crash, leading to a denial of service. This issue only affected Ubuntu 12.04\n LTS and 11.10. (CVE-2012-2214)\n\n Fabian Yamaguchi discovered that Pidgin incorrectly handled malformed messages\n in the MSN protocol handler. A remote attacker could send a specially crafted\n message and cause Pidgin to crash, leading to a denial of service.\n (CVE-2012-2318)\n\n Ulf Härnhammar discovered that Pidgin incorrectly handled messages with in-line\n images in the MXit protocol handler. 
A remote attacker could send a specially\n crafted message and possibly execute arbitrary code with user privileges.\n (CVE-2012-3374)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.6.6-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.6.6-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.6.6-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.10.3-0ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.10.3-0ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.10.3-0ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.10.0-0ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.10.0-0ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.10.0-0ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.7.11-1ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.7.11-1ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.7.11-1ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:19:59", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1500-1", "modified": "2017-12-01T00:00:00", "published": "2012-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841076", "id": "OPENVAS:841076", "title": "Ubuntu Update for pidgin USN-1500-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1500_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for pidgin USN-1500-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in\n the AIM and ICQ protocol handlers. A remote attacker could send a specially\n crafted message and cause Pidgin to crash, leading to a denial of service. This\n issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4601)\n\n Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and\n video chat requests in the XMPP protocol handler. A remote attacker could send\n a specially crafted message and cause Pidgin to crash, leading to a denial of\n service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10.\n (CVE-2011-4602)\n\n Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8\n sequences in the SILC protocol handler. A remote attacker could send a\n specially crafted message and cause Pidgin to crash, leading to a denial\n of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10.\n (CVE-2011-4603)\n\n Julia Lawall discovered that Pidgin incorrectly cleared memory contents used in\n cryptographic operations. An attacker could exploit this to read the memory\n contents, leading to an information disclosure. This issue only affected Ubuntu\n 10.04 LTS. (CVE-2011-4922)\n\n Clemens Huebner and Kevin Stange discovered that Pidgin incorrectly handled\n nickname changes inside chat rooms in the XMPP protocol handler. A remote\n attacker could exploit this by changing nicknames, leading to a denial of\n service. This issue only affected Ubuntu 11.10. 
(CVE-2011-4939)\n\n Thijs Alkemade discovered that Pidgin incorrectly handled off-line instant\n messages in the MSN protocol handler. A remote attacker could send a specially\n crafted message and cause Pidgin to crash, leading to a denial of service. This\n issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2012-1178)\n\n José Valentín Gutiérrez discovered that Pidgin incorrectly handled SOCKS5 proxy\n connections during file transfer requests in the XMPP protocol handler. A\n remote attacker could send a specially crafted request and cause Pidgin to\n crash, leading to a denial of service. This issue only affected Ubuntu 12.04\n LTS and 11.10. (CVE-2012-2214)\n\n Fabian Yamaguchi discovered that Pidgin incorrectly handled malformed messages\n in the MSN protocol handler. A remote attacker could send a specially crafted\n message and cause Pidgin to crash, leading to a denial of service.\n (CVE-2012-2318)\n\n Ulf Härnhammar discovered that Pidgin incorrectly handled messages with in-line\n images in the MXit protocol handler. 
A remote attacker could send a specially\n crafted message and possibly execute arbitrary code with user privileges.\n (CVE-2012-3374)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1500-1\";\ntag_affected = \"pidgin on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1500-1/\");\n script_id(841076);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-10 10:08:13 +0530 (Tue, 10 Jul 2012)\");\n script_cve_id(\"CVE-2011-4601\", \"CVE-2011-4602\", \"CVE-2011-4603\", \"CVE-2011-4922\",\n \"CVE-2011-4939\", \"CVE-2012-1178\", \"CVE-2012-2214\", \"CVE-2012-2318\",\n \"CVE-2012-3374\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1500-1\");\n script_name(\"Ubuntu Update for pidgin USN-1500-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if 
((res = isdpkgvuln(pkg:\"finch\", ver:\"2.6.6-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.6.6-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.6.6-1ubuntu4.5\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.10.3-0ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.10.3-0ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.10.3-0ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.10.0-0ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.10.0-0ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"pidgin\", ver:\"2.10.0-0ubuntu2.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"finch\", ver:\"2.7.11-1ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libpurple0\", ver:\"2.7.11-1ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"pidgin\", ver:\"2.7.11-1ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:07:10", "bulletinFamily": "scanner", "description": "Check for the Version of pidgin", "modified": "2018-01-04T00:00:00", "published": "2012-07-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870795", "id": "OPENVAS:870795", "title": "RedHat Update for pidgin RHSA-2012:1102-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for pidgin RHSA-2012:1102-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n A flaw was found in the way the Pidgin MSN protocol plug-in processed text\n that was not encoded in UTF-8. 
A remote attacker could use this flaw to\n crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)\n\n An input validation flaw was found in the way the Pidgin MSN protocol\n plug-in handled MSN notification messages. A malicious server or a remote\n attacker could use this flaw to crash Pidgin by sending a specially-crafted\n MSN notification message. (CVE-2012-2318)\n\n A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A\n remote attacker could use this flaw to crash Pidgin by sending a MXit\n message containing specially-crafted emoticon tags. (CVE-2012-3374)\n\n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. Pidgin must be restarted for\n this update to take effect.\";\n\ntag_affected = \"pidgin on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00021.html\");\n script_id(870795);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-23 10:46:39 +0530 (Mon, 23 Jul 2012)\");\n script_cve_id(\"CVE-2012-1178\", \"CVE-2012-2318\", \"CVE-2012-3374\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:1102-01\");\n script_name(\"RedHat Update for pidgin RHSA-2012:1102-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of pidgin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.7.9~5.el6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.7.9~5.el6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-debuginfo\", rpm:\"pidgin-debuginfo~2.7.9~5.el6.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:06:42", "bulletinFamily": "scanner", "description": "Check for the Version of finch", "modified": "2018-01-05T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881215", "id": "OPENVAS:881215", "title": "CentOS Update for finch CESA-2012:1102 centos5 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for finch CESA-2012:1102 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the 
Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Pidgin is an instant messaging program which can log in to multiple\n accounts on multiple instant messaging networks simultaneously.\n\n A flaw was found in the way the Pidgin MSN protocol plug-in processed text\n that was not encoded in UTF-8. A remote attacker could use this flaw to\n crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)\n \n An input validation flaw was found in the way the Pidgin MSN protocol\n plug-in handled MSN notification messages. A malicious server or a remote\n attacker could use this flaw to crash Pidgin by sending a specially-crafted\n MSN notification message. (CVE-2012-2318)\n \n A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A\n remote attacker could use this flaw to crash Pidgin by sending a MXit\n message containing specially-crafted emoticon tags. (CVE-2012-3374)\n \n Red Hat would like to thank the Pidgin project for reporting the\n CVE-2012-3374 issue. Upstream acknowledges Ulf H\u00e4rnhammar as the original\n reporter of CVE-2012-3374.\n \n All Pidgin users should upgrade to these updated packages, which contain\n backported patches to resolve these issues. 
Pidgin must be restarted for\n this update to take effect.\";\n\ntag_affected = \"finch on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-July/018756.html\");\n script_id(881215);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:47:59 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-1178\", \"CVE-2012-2318\", \"CVE-2012-3374\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2012:1102\");\n script_name(\"CentOS Update for finch CESA-2012:1102 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of finch\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"finch\", rpm:\"finch~2.6.6~11.el5.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"finch-devel\", rpm:\"finch-devel~2.6.6~11.el5.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.6.6~11.el5.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-devel\", rpm:\"libpurple-devel~2.6.6~11.el5.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-perl\", rpm:\"libpurple-perl~2.6.6~11.el5.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpurple-tcl\", rpm:\"libpurple-tcl~2.6.6~11.el5.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin\", rpm:\"pidgin~2.6.6~11.el5.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-devel\", rpm:\"pidgin-devel~2.6.6~11.el5.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"pidgin-perl\", rpm:\"pidgin-perl~2.6.6~11.el5.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:54:38", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 52476\r\nCVE(CAN) ID: CVE-2011-4939\r\n\r\nPidgin is an all-in-one integration tool for the world's mainstream instant messaging software.\r\n\r\nThe pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 has a security vulnerability in its implementation that can be exploited to cause a denial of service by changing a nickname in an XMPP chat room.\n0\nPidgin
2.x\nVendor patch:\r\n\r\nPidgin\r\n------\r\nThe vendor has released an upgrade patch to fix this security issue. Please download it from the vendor's home page:\r\n\r\nhttp://pidgin.im/pidgin/home/", "modified": "2012-03-21T00:00:00", "published": "2012-03-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30201", "id": "SSV:30201", "type": "seebug", "title": "Pidgin 2.x XMPP Protocol Denial of Access Vulnerability", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:09", "bulletinFamily": "unix", "description": "\nUS-CERT reports:\n\nThe msn_oim_report_to_user function in oim.c in the MSN protocol\n\t plugin in libpurple in Pidgin before 2.10.2 allows remote servers\n\t to cause a denial of service (application crash) via an OIM message\n\t that lacks UTF-8 encoding.\n\n", "modified": "2012-03-15T00:00:00", "published": "2012-03-15T00:00:00", "id": "7289214F-7C55-11E1-AB3B-000BCDF0A03B", "href": "https://vuxml.freebsd.org/freebsd/7289214f-7c55-11e1-ab3b-000bcdf0a03b.html", "title": "libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:21", "bulletinFamily": "unix", "description": "Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4601)\n\nThijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler.
A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4602)\n\nDiego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4603)\n\nJulia Lawall discovered that Pidgin incorrectly cleared memory contents used in cryptographic operations. An attacker could exploit this to read the memory contents, leading to an information disclosure. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-4922)\n\nClemens Huebner and Kevin Stange discovered that Pidgin incorrectly handled nickname changes inside chat rooms in the XMPP protocol handler. A remote attacker could exploit this by changing nicknames, leading to a denial of service. This issue only affected Ubuntu 11.10. (CVE-2011-4939)\n\nThijs Alkemade discovered that Pidgin incorrectly handled off-line instant messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2012-1178)\n\nJos\u00e9 Valent\u00edn Guti\u00e9rrez discovered that Pidgin incorrectly handled SOCKS5 proxy connections during file transfer requests in the XMPP protocol handler. A remote attacker could send a specially crafted request and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 12.04 LTS and 11.10. (CVE-2012-2214)\n\nFabian Yamaguchi discovered that Pidgin incorrectly handled malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. 
(CVE-2012-2318)\n\nUlf H\u00e4rnhammar discovered that Pidgin incorrectly handled messages with in-line images in the MXit protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2012-3374)", "modified": "2012-07-09T00:00:00", "published": "2012-07-09T00:00:00", "id": "USN-1500-1", "href": "https://usn.ubuntu.com/1500-1/", "title": "Pidgin vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:09", "bulletinFamily": "unix", "description": "Pidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA flaw was found in the way the Pidgin MSN protocol plug-in processed text\nthat was not encoded in UTF-8. A remote attacker could use this flaw to\ncrash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)\n\nAn input validation flaw was found in the way the Pidgin MSN protocol\nplug-in handled MSN notification messages. A malicious server or a remote\nattacker could use this flaw to crash Pidgin by sending a specially-crafted\nMSN notification message. (CVE-2012-2318)\n\nA buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A\nremote attacker could use this flaw to crash Pidgin by sending a MXit\nmessage containing specially-crafted emoticon tags. (CVE-2012-3374)\n\nRed Hat would like to thank the Pidgin project for reporting the\nCVE-2012-3374 issue. Upstream acknowledges Ulf Harnhammar as the original\nreporter of CVE-2012-3374.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. 
Pidgin must be restarted for\nthis update to take effect.\n", "modified": "2018-06-06T20:24:15", "published": "2012-07-19T04:00:00", "id": "RHSA-2012:1102", "href": "https://access.redhat.com/errata/RHSA-2012:1102", "type": "redhat", "title": "(RHSA-2012:1102) Moderate: pidgin security update", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:29:41", "bulletinFamily": "unix", "description": "Various remote triggerable crashes in pidgin have been\n fixed:\n\n * CVE-2012-1178: In some situations the MSN server\n sends text that isn't UTF-8 encoded, and Pidgin fails to\n verify the text's encoding. In some cases this can lead to\n a crash when attempting to display the text ().\n * CVE-2012-1178/CVE-2012-2318: Incoming messages with\n certain characters or character encodings can cause clients\n to crash.\n * CVE-2012-2214: A series of specially crafted file\n transfer requests can cause clients to reference invalid\n memory. The user must have accepted one of the file\n transfer requests.\n\n", "modified": "2012-06-22T19:08:37", "published": "2012-06-22T19:08:37", "id": "SUSE-SU-2012:0782-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00019.html", "type": "suse", "title": "Security update for finch, libpurple and pidgin (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:34", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:1102\n\n\nPidgin is an instant messaging program which can log in to multiple\naccounts on multiple instant messaging networks simultaneously.\n\nA flaw was found in the way the Pidgin MSN protocol plug-in processed text\nthat was not encoded in UTF-8. A remote attacker could use this flaw to\ncrash Pidgin by sending a specially-crafted MSN message. 
(CVE-2012-1178)\n\nAn input validation flaw was found in the way the Pidgin MSN protocol\nplug-in handled MSN notification messages. A malicious server or a remote\nattacker could use this flaw to crash Pidgin by sending a specially-crafted\nMSN notification message. (CVE-2012-2318)\n\nA buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A\nremote attacker could use this flaw to crash Pidgin by sending a MXit\nmessage containing specially-crafted emoticon tags. (CVE-2012-3374)\n\nRed Hat would like to thank the Pidgin project for reporting the\nCVE-2012-3374 issue. Upstream acknowledges Ulf Harnhammar as the original\nreporter of CVE-2012-3374.\n\nAll Pidgin users should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Pidgin must be restarted for\nthis update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018756.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018757.html\n\n**Affected packages:**\nfinch\nfinch-devel\nlibpurple\nlibpurple-devel\nlibpurple-perl\nlibpurple-tcl\npidgin\npidgin-devel\npidgin-docs\npidgin-perl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1102.html", "modified": "2012-07-19T13:05:02", "published": "2012-07-19T12:46:55", "href": "http://lists.centos.org/pipermail/centos-announce/2012-July/018756.html", "id": "CESA-2012:1102", "title": "finch, libpurple, pidgin security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:50", "bulletinFamily": "unix", "description": "[2.7.9-5.el6.2]\n- Add patch for CVE-2011-2485 (RH bug #837561).\n[2.7.9-5.el6.1]\n- Add patch for CVE-2012-1178 (RH bug #837560).\n- Add patch for CVE-2012-2318 (RH bug #837560).\n- Add patch for CVE-2012-3374 (RH bug #837560).\n[2.7.9-5.el6]\n- Add patch for CVE-2011-4602 (RH 
bug #766453).\n[2.7.9-4.el6]\n- Add patch for CVE-2011-4601 (RH bug #766453).", "modified": "2012-07-19T00:00:00", "published": "2012-07-19T00:00:00", "id": "ELSA-2012-1102", "href": "http://linux.oracle.com/errata/ELSA-2012-1102.html", "title": "pidgin security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:41:45", "bulletinFamily": "unix", "description": "[2.7.9-10.el6_4.1]\n- Fix spec file for disttag\n[2.7.9-10.el6]\n- Add patch for CVE-2013-0274 (RH bug #910653).\n[2.7.9-9.el6]\n- Add patch for CVE-2013-0273 (RH bug #910653).\n[2.7.9-8.el6]\n- Add patch for CVE-2013-0272 (RH bug #910653).\n[2.7.9-7.el6]\n- Add patch for CVE-2011-2485 (RH bug #837562).\n[2.7.9-6.el6]\n- Add patch for CVE-2012-1178 (RH bug #837560).\n- Add patch for CVE-2012-2318 (RH bug #837560).\n- Add patch for CVE-2012-3374 (RH bug #837560).", "modified": "2013-03-14T00:00:00", "published": "2013-03-14T00:00:00", "id": "ELSA-2013-0646", "href": "http://linux.oracle.com/errata/ELSA-2013-0646.html", "title": "pidgin security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}