Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://secunia.com/advisories/36384/
http://www.pidgin.im/news/security/?id=34
http://www.vuxml.org/freebsd/59e7af2d-8db7-11de-883b-001e3300a30d.html
Insight
The following packages are affected:
pidgin
libpurple
finch
CVE-2009-2694
The msn_slplink_process_msg function in
libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Severity
Classification
-
CVE CVE-2009-2694 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities