Summary
Pidgin is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to cause a denial of service (crash), disclose potentially sensitive information, disclose and manipulate certain data, and conduct spoofing attacks.
Impact Level: Application
Solution
Upgrade to Pidgin version 2.10.10 or later.
For updates, refer to http://www.pidgin.im/
Insight
Multiple errors exist due to:
- An error when parsing XMPP messages.
- An error when unpacking smiley themes.
- Improper verification of the Basic Constraints of an SSL certificate.
- An error when handling a Groupwise message.
- An error when handling an MXit emoticon.
Affected
Pidgin before version 2.10.10 on Windows.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
- http://pidgin.im/news/security/?id=86
- http://pidgin.im/news/security/?id=87
- http://pidgin.im/news/security/?id=88
- http://pidgin.im/news/security/?id=89
- http://pidgin.im/news/security/?id=90
- http://www.osvdb.org/113631
- http://www.osvdb.org/113632
- http://www.osvdb.org/113633
- http://www.osvdb.org/113634
- http://www.osvdb.org/113635
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3697, CVE-2014-3698
- CVSS Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)