Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.804314
Category:General
Title:Pidgin Multiple Vulnerabilities Feb 2014 (Windows)
Summary:The host is installed with Pidgin and is prone to multiple vulnerabilities.
Description:Summary:
The host is installed with Pidgin and is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to an:

- Improper validation of data by the Yahoo protocol plugin.

- Improper validation of argument counts by IRC protocol plugin.

- Improper validation of input to content-length header.

- Integer signedness error in the 'MXit' functionality.

- Integer overflow in 'ibpurple/protocols/gg/lib/http.c' in the 'Gadu-Gadu'
(gg) parser.

- Error due to incomplete fix for earlier flaw.

- Integer overflow condition in the 'process_chunked_data' function in 'util.c'.

- Error in 'STUN' protocol implementation in 'libpurple'.

- Error in the 'XMPP' protocol plugin in 'libpurple'.

- Error in the MSN module.

- Improper validation of the length field in 'libpurple/protocols/yahoo/libymsg.c'.

- Improper allocation of memory by 'util.c' in 'libpurple'.

- Error in the libx11 library.

- Multiple integer signedness errors in libpurple.

Vulnerability Impact:
Successful exploitation will allow remote attackers to conduct denial of
service or execute arbitrary programs or spoof iq traffic.

Affected Software/OS:
Pidgin version before 2.10.8.

Solution:
Upgrade to Pidgin version 2.10.8 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 65492
BugTraq ID: 65243
BugTraq ID: 65189
BugTraq ID: 65188
BugTraq ID: 65192
BugTraq ID: 65195
Common Vulnerability Exposure (CVE) ID: CVE-2012-6152
RedHat Security Advisories: RHSA-2014:0139
https://rhn.redhat.com/errata/RHSA-2014-0139.html
SuSE Security Announcement: openSUSE-SU-2014:0239 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html
SuSE Security Announcement: openSUSE-SU-2014:0326 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html
http://www.ubuntu.com/usn/USN-2100-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-6477
Debian Security Information: DSA-2859 (Google Search)
http://www.debian.org/security/2014/dsa-2859
Common Vulnerability Exposure (CVE) ID: CVE-2013-6478
http://pidgin.im/pipermail/support/2013-March/012980.html
http://pidgin.im/pipermail/support/2013-March/012981.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-6479
Common Vulnerability Exposure (CVE) ID: CVE-2013-6481
Common Vulnerability Exposure (CVE) ID: CVE-2013-6482
Common Vulnerability Exposure (CVE) ID: CVE-2013-6483
Common Vulnerability Exposure (CVE) ID: CVE-2013-6484
Common Vulnerability Exposure (CVE) ID: CVE-2013-6485
http://www.securityfocus.com/bid/65243
Common Vulnerability Exposure (CVE) ID: CVE-2013-6486
http://www.securityfocus.com/bid/65189
Common Vulnerability Exposure (CVE) ID: CVE-2013-6487
http://www.securityfocus.com/bid/65188
Debian Security Information: DSA-2852 (Google Search)
http://www.debian.org/security/2014/dsa-2852
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128277.html
https://security.gentoo.org/glsa/201508-02
http://www.mandriva.com/security/advisories?name=MDVSA-2014:039
http://libgadu.net/releases/1.11.3.html
http://vrt-blog.snort.org/2014/01/vrt-2013-1001-cve-2013-6487-buffer.html
http://www.ubuntu.com/usn/USN-2101-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-6489
http://www.securityfocus.com/bid/65192
http://hg.pidgin.im/pidgin/main/rev/4c897372b5a4
Common Vulnerability Exposure (CVE) ID: CVE-2013-6490
http://www.securityfocus.com/bid/65195
Common Vulnerability Exposure (CVE) ID: CVE-2014-0020
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.