Summary
This host has Pidgin installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker obtain sensitive information by sniffing XMPP sessions and cause an application crash.
Impact Level: Application
Solution
Upgrade to Pidgin version 2.6.1
http://pidgin.im/download
Insight
- The application connects without encryption to Jabberd servers that are not fully compliant with the XMPP specifications, even if the 'Require SSL/TLS' setting is configured.
- An error occurs in compiling libpurple while processing malicious links received via the Yahoo Messenger protocol.
Affected
Pidgin version 2.6.0 on Linux
References
Severity
Classification
CVE: CVE-2009-3025, CVE-2009-3026
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N