Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20895
HistoryAug 25, 2011 - 12:00 a.m.

Pidgin拒绝服务和安全绕过漏洞

2011-08-2500:00:00
Root
www.seebug.org
8

0.11 Low

EPSS

Percentile

94.6%

JSON

Bugtraq ID: 49268
CVE ID:CVE-2011-2943

Pidgin是一款多协议即时通信软件。
Pidgin存在安全漏洞,允许恶意攻击者进行拒绝服务或任意代码执行攻击。
1)当处理昵称中包含特殊字符的WHO应答时IRC协议插件存在错误,可被利用触发空指针引用。
2)解析HTTP 100应答时MSN协议插件存在错误,可被利用使应用程序崩溃。
成功利用漏洞需要HTTP连接方法启用(默认禁用)并使用恶意服务器。
3)Pidgin支持IM会话中使用URL处理器,windows平台下直接把URL提交给ShellExecute API,并以当前用户运行。当通过file:// URL传递,放在WEBDAV/SMB共享上的恶意可执行文件可被装载并执行。

Pidgin 2.x
厂商解决方案
Pidgin 2.10.0已经修复此漏洞,建议用户下载使用:
http://pidgin.im/

Related

prion 1
ubuntucve 1
cve 1
debiancve 1
openvas 4
securityvulns 1
nessus 2
prion
prion
Null pointer dereference
2011-08-29 17:55:00
ubuntucve
ubuntucve
CVE-2011-2943
2011-08-29 00:00:00
cve
cve
CVE-2011-2943
2011-08-29 17:55:00
debiancve
debiancve
CVE-2011-2943
2011-08-29 17:55:00
openvas
openvas
Pidgin Libpurple Protocol Plugins Denial of Service Vulnerabilities - Windows
2011-09-09 00:00:00
Mandriva Update for pidgin MDVSA-2011:132 (pidgin)
2011-09-12 00:00:00
Pidgin Libpurple Protocol Plugins Denial of Service Vulnerabilities (Windows)
2011-09-09 00:00:00
securityvulns
securityvulns
Pidgin code execution
2011-08-30 00:00:00
nessus
nessus
Pidgin < 2.10.0 Multiple Vulnerabilities
2011-08-22 00:00:00
Mandriva Linux Security Advisory : pidgin (MDVSA-2011:132-1)
2011-09-07 00:00:00

0.11 Low

EPSS

Percentile

94.6%

JSON
Related for SSV:20895
prion1ubuntucve1cve1debiancve1openvas4securityvulns1nessus2