Pidgin MSN Custom Smileys File Disclosure Vulnerability (Linux) Network Vulnerability

Summary

This host has Pidgin installed and is prone to File Disclosure vulnerability

Impact

Attackers can exploit this issue to gain knowledge of sensitive information via directory traversal attacks. Impact Level: Application

Solution

Apply the patch or upgrade to Pidgin version 2.6.5 http://pidgin.im/download http://developer.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 ***** NOTE: Please ignore this warning if the patch is already applied. *****

Insight

This issue is due to an error in 'slp.c' within the 'MSN protocol plugin' in 'libpurple' when processing application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request.

Affected

Pidgin version prior to 2.6.4 on Linux.

References

http://secunia.com/advisories/37953/
http://www.pidgin.im/news/security/?id=42
http://www.vupen.com/english/advisories/2009/3662

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0013
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)
Adobe Digital Edition Information Disclosure Vulnerability (Windows)
Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)

Take action and discover your vulnerabilities