Pidgin MSN SLP Message Integer Overflow Vulnerabilities (Linux) Network Vulnerability

Summary

The host is running Pidgin, which is prone to integer overflow vulnerability.

Impact

Remote attacker can execute arbitrary code by sending specially crafted SLP message with the privilege of a user. Impact Level : SYSTEM

Solution

Upgrade to Pidgin Version 2.4.3, http://www.pidgin.im/download/

Insight

The flaw is due to errors in the msn_slplink_process_msg function in libpurple/protocols/msnp9/slplink.c and libpurple/protocols/msn/slplink.c files, which fails to perform adequate boundary checks on user-supplied data.

Affected

Pidgin Version prior to 2.4.3 on Linux (All).

References

http://www.pidgin.im/news/security/?id=24

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2927

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Win)
Apple Mac OS X Denial of Service Vulnerability
Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
Adobe Reader Unspecified Vulnerability (Windows)
Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities