Summary
This host has Pidgin installed and is prone to File Disclosure vulnerability
Impact
Attackers can exploit this issue to gain knowledge of sensitive information via directory traversal attacks.
Impact Level: Application
Solution
Apply the patch or upgrade to Pidgin version 2.6.5 http://pidgin.im/download
http://developer.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810
*****
NOTE: Please ignore this warning if the patch is already applied.
*****
Insight
This issue is due to an error in 'slp.c' within the 'MSN protocol plugin' in 'libpurple' when processing application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request.
Affected
Pidgin version prior to 2.6.4 on Linux.
References
Severity
Classification
-
CVE CVE-2010-0013 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
- Apache /server-info accessible
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)