Summary
The host is running Pidgin, which is prone to an integer overflow vulnerability.
Impact
A remote attacker can execute arbitrary code with the privileges of the user by sending a specially crafted SLP message.
Impact Level : SYSTEM
Solution
Upgrade to Pidgin version 2.4.3:
http://www.pidgin.im/download/
Insight
The flaw is due to errors in the msn_slplink_process_msg function in the files libpurple/protocols/msnp9/slplink.c and libpurple/protocols/msn/slplink.c, which fails to perform adequate boundary checks on user-supplied data.
Affected
Pidgin versions prior to 2.4.3 on Linux (All).
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-2927
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P