CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Pidgin is vulnerable to arbitrary code execution. On 32-bit platforms, Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin.
debian.org/security/2009/dsa-1805
secunia.com/advisories/35188
secunia.com/advisories/35194
secunia.com/advisories/35202
secunia.com/advisories/35215
secunia.com/advisories/35294
secunia.com/advisories/35329
secunia.com/advisories/35330
secunia.com/advisories/37071
www.gentoo.org/security/en/glsa/glsa-200905-07.xml
www.mandriva.com/security/advisories?name=MDVSA-2009:140
www.mandriva.com/security/advisories?name=MDVSA-2009:173
www.pidgin.im/news/security/?id=32
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2009-1059.html
www.redhat.com/support/errata/RHSA-2009-1060.html
www.securityfocus.com/bid/35067
www.ubuntu.com/usn/USN-781-1
www.ubuntu.com/usn/USN-781-2
www.vupen.com/english/advisories/2009/1396
access.redhat.com/errata/RHSA-2009:1060
bugzilla.redhat.com/show_bug.cgi?id=500493
exchange.xforce.ibmcloud.com/vulnerabilities/50680
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10476
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18432
www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html