Summary
This host has installed pidgin and is prone to Multiple Buffer Overflow Vulnerabilities
Impact
Successful exploits allow attackers to run arbitrary code, corrupt memory and cause cause denial of service.
Impact Level: Application
Solution
Upgrade to version 2.5.6 or later.
http://pidgin.im/download/
Insight
The multiple flaws are due to,
- a boundary error in the XMPP SOCKS5 'bytestream' server when initiating an outbound XMPP file transfer.
- a boundary error in the 'decrypt_out()' function while processing malicious QQ packet.
- a boundary error exists in the implementation of the 'PurpleCircBuffer' structure and can be exploited via vectors involving XMPP or Sametime protocol.
- a truncation error in function 'libpurple/protocols/msn/slplink.c' and 'libpurple/protocols/msnp9/slplink.c' when processing MSN SLP messages with a crafted offset value.
Affected
Pidgin version prior to 2.5.6 on Windows.
References
Severity
Classification
-
CVE CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)
- Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
- Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
- Audacity Buffer Overflow Vulnerability (Linux)
- Bopup Communication Server Remote Buffer Overflow Vulnerability