Summary
Pidgin is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a denial of service, execute arbitrary programs, or spoof iq traffic.
Impact Level: System/Application
Solution
Upgrade to Pidgin version 2.10.8 or later.
For updates, refer to http://www.pidgin.im/
Insight
The flaws are due to:
- Improper validation of data by the Yahoo protocol plugin.
- Improper validation of argument counts by IRC protocol plugin.
- Improper validation of input to content-length header.
- Integer signedness error in the 'MXit' functionality.
- Integer overflow in 'libpurple/protocols/gg/lib/http.c' in the 'Gadu-Gadu' (gg) parser.
- Error due to incomplete fix for earlier flaw.
- Integer overflow condition in the 'process_chunked_data' function in 'util.c'.
- Error in 'STUN' protocol implementation in 'libpurple'.
- Error in the 'XMPP' protocol plugin in 'libpurple'.
- Error in the MSN module.
- Improper validation of the length field in 'libpurple/protocols/yahoo/libymsg.c'.
- Improper allocation of memory by 'util.c' in 'libpurple'.
- Error in the libx11 library.
- Multiple integer signedness errors in libpurple.
Affected
Pidgin versions before 2.10.8.
Detection
Get the installed version with the help of the detect NVT and check whether that version is vulnerable.
Severity
Classification
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C