Summary
This host has Pidgin installed and is prone to multiple Denial of Service vulnerabilities.
Vulnerabilities Insight:
- An error in libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple can trigger a NULL-pointer dereference when processing TOPIC messages which lack a topic string.
- An error in the 'msn_slp_sip_recv' function in libpurple/protocols/msn/slp.c in the MSN protocol can trigger a NULL-pointer dereference via an SLP invite message missing expected fields.
- An error in the 'msn_slp_process_msg' function in libpurple/protocols/msn/slpcall.c in the MSN protocol, when converting the encoding of a handwritten message, can be exploited through the improper use of uninitialised variables.
- The XMPP protocol plugin in libpurple fails to handle an error IQ stanza during an attempted fetch of a custom smiley, which is processed via XHTML-IM content with cid: images.
Impact
Attackers can exploit these issues to execute arbitrary code, corrupt memory and cause the application to crash.
Impact Level: System/Application
Solution
Upgrade to Pidgin version 2.6.2
http://pidgin.im/download
Affected
Pidgin versions prior to 2.6.2 on Windows.
References
Severity
Classification
CVE: CVE-2009-2703, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P