Summary
This host has Pidgin installed and is prone to multiple Denial of Service vulnerabilities.
Vulnerabilities Insight:
- An error in libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple can trigger a NULL-pointer dereference when processing TOPIC messages which lack a topic string.
- An error in the 'msn_slp_sip_recv' function in libpurple/protocols/msn/slp.c in the MSN protocol can trigger a NULL-pointer dereference via an SLP invite message missing expected fields.
- An error in the 'msn_slp_process_msg' function in libpurple/protocols/msn/ slpcall.c in the MSN protocol when converting the encoding of a handwritten message can be exploited by improper utilisation of uninitialised variables.
- An error in the XMPP protocol plugin in libpurple is fails to handle an error IQ stanza during an attempted fetch of a custom smiley is processed via XHTML-IM content with cid: images.
Impact
Attackers can exploit this issue to execute arbitrary code, corrupt memory and cause the application to crash.
Impact Level: System/Application
Solution
Upgrade to Pidgin version 2.6.2
http://pidgin.im/download
Affected
Pidgin version prior to 2.6.2 on Linux.
References
Severity
Classification
-
CVE CVE-2009-2703, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities