Summary
This host has installed pidgin and is prone to Multiple Buffer Overflow Vulnerabilities
Impact
Successful exploits allow attackers to run arbitrary code, corrupt memory and cause cause denial of service.
Impact Level: Application
Solution
Upgrade to version 2.5.6 or later.
http://pidgin.im/download/
Insight
The multiple flaws are due to,
- a boundary error in the XMPP SOCKS5 'bytestream' server when initiating an outbound XMPP file transfer.
- a boundary error in the 'decrypt_out()' function while processing malicious QQ packet.
- a boundary error exists in the implementation of the 'PurpleCircBuffer' structure and can be exploited via vectors involving XMPP or Sametime protocol.
- a truncation error in function 'libpurple/protocols/msn/slplink.c' and 'libpurple/protocols/msnp9/slplink.c' when processing MSN SLP messages with a crafted offset value.
Affected
Pidgin version prior to 2.5.6 on Linux.
References
Severity
Classification
-
CVE CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Beatport Player '.m3u' File Buffer Overflow Vulnerability
- DesignWorks Professional '.cct' File BOF Vulnerability
- Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
- Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Linux)
- Adobe Photoshop PNG Image Processing Buffer Overflow Vulnerabilities (Mac OS X)