Ubuntu USN-675-1
Nov 24, 2008 - 12:00 a.m.

Pidgin vulnerabilities

2008-11-24 00:00:00
ubuntu.com

AI Score: 8.3 High (Confidence: High)

CVSS2: 6.8 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

CVSS2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.107 Low (Percentile: 95.0%)

Releases

  • Ubuntu 8.04
  • Ubuntu 7.10

Packages

  • pidgin -

Details

It was discovered that Pidgin did not properly handle certain malformed
messages in the MSN protocol handler. A remote attacker could send a specially
crafted message and possibly execute arbitrary code with user privileges.
(CVE-2008-2927)

It was discovered that Pidgin did not properly handle file transfers containing
a long filename and special characters in the MSN protocol handler. A remote
attacker could send a specially crafted filename in a file transfer request
and cause Pidgin to crash, leading to a denial of service. (CVE-2008-2955)

It was discovered that Pidgin did not impose resource limitations in the UPnP
service. A remote attacker could cause Pidgin to download arbitrary files
and cause a denial of service from memory or disk space exhaustion.
(CVE-2008-2957)

It was discovered that Pidgin did not validate SSL certificates when using a
secure connection. If a remote attacker were able to perform a
machine-in-the-middle attack, this flaw could be exploited to view sensitive
information. This update alters Pidgin behaviour by asking users to confirm
the validity of a certificate upon initial login. (CVE-2008-3532)

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 8.04 | noarch | pidgin | < 1:2.4.1-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 8.04 | noarch | finch | < 1:2.4.1-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 8.04 | noarch | libpurple0 | < 1:2.4.1-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 8.04 | noarch | pidgin-dbg | < 1:2.4.1-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 7.10 | noarch | pidgin | < 1:2.2.1-1ubuntu4.3 | UNKNOWN |
| Ubuntu | 7.10 | noarch | finch | < 1:2.2.1-1ubuntu4.3 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libpurple0 | < 1:2.2.1-1ubuntu4.3 | UNKNOWN |
| Ubuntu | 7.10 | noarch | pidgin-dbg | < 1:2.2.1-1ubuntu4.3 | UNKNOWN |
