Summary
The host is running Pidgin, which is prone to an integer overflow vulnerability.
Impact
A remote attacker can execute arbitrary code with the privileges of the user by sending a specially crafted SLP message.
Impact Level: SYSTEM
Solution
Upgrade to Pidgin Version 2.4.3:
http://www.pidgin.im/download/
Insight
The flaw is due to errors in the msn_slplink_process_msg function in the libpurple/protocols/msnp9/slplink.c and libpurple/protocols/msn/slplink.c files; the function fails to perform adequate boundary checks on user-supplied data.
Affected
Pidgin versions prior to 2.4.3 on Linux (All).
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-2927
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P