Summary
Pidgin is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to cause a denial of service (crash), disclose potentially sensitive information, disclose and manipulate certain data, and conduct spoofing attacks.
Impact Level: Application
Solution
Upgrade to Pidgin version 2.10.10 or later.
For updates, refer to http://www.pidgin.im/
Insight
Multiple errors exist due to:
- An error when parsing XMPP messages.
- An error when unpacking smiley themes.
- Improper verification of the Basic Constraints of an SSL certificate.
- An error when handling Groupwise messages.
- An error when handling an MXit emoticon.
Affected
Pidgin before version 2.10.10 on Windows.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
- http://pidgin.im/news/security/?id=86
- http://pidgin.im/news/security/?id=87
- http://pidgin.im/news/security/?id=88
- http://pidgin.im/news/security/?id=89
- http://pidgin.im/news/security/?id=90
- http://www.osvdb.org/113631
- http://www.osvdb.org/113632
- http://www.osvdb.org/113633
- http://www.osvdb.org/113634
- http://www.osvdb.org/113635
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3697, CVE-2014-3698
- CVSS Base Score: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N