Summary
This host has installed pidgin and is prone to Multiple Buffer Overflow Vulnerabilities
Impact
Successful exploits allow attackers to run arbitrary code, corrupt memory and cause cause denial of service.
Impact Level: Application
Solution
Upgrade to version 2.5.6 or later.
http://pidgin.im/download/
Insight
The multiple flaws are due to,
- a boundary error in the XMPP SOCKS5 'bytestream' server when initiating an outbound XMPP file transfer.
- a boundary error in the 'decrypt_out()' function while processing malicious QQ packet.
- a boundary error exists in the implementation of the 'PurpleCircBuffer' structure and can be exploited via vectors involving XMPP or Sametime protocol.
- a truncation error in function 'libpurple/protocols/msn/slplink.c' and 'libpurple/protocols/msnp9/slplink.c' when processing MSN SLP messages with a crafted offset value.
Affected
Pidgin version prior to 2.5.6 on Linux.
References
Severity
Classification
-
CVE CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Advantech Studio Multiple Buffer Overflow Vulnerabilities
- CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
- Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
- CuteFTP Heap Based Buffer Overflow Vulnerability