Pidgin Multiple Vulnerabilities - Sep09 (Linux) Network Vulnerability

Summary

This host has Pidgin installed and is prone to multiple vulnerabilities.

Impact

Successful exploitation will let the attacker obtain sensitive information by sniffing XMPP sessions and cause application crash. Impact Level: Application

Solution

Upgrade to Pidgin version 2.6.1 http://pidgin.im/download

Insight

- The application connects to Jabberd servers that are not fully compliant with the XMPP specifications without encryption, even if the 'Require SSL/TLS' setting is configured. - An error ocurrs in compililg libpurple while processing malicious links received via the Yahoo Messenger protocol.

Affected

Pidgin version 2.6.0 on Linux

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891
http://pidgin.im/news/security/?id=35
http://secunia.com/advisories/36384/
http://www.openwall.com/lists/oss-security/2009/08/19/2

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3025, CVE-2009-3026
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple Remote Desktop Information Disclosure Vulnerability
Apache /server-info accessible
Adobe Digital Edition Information Disclosure Vulnerability (Windows)
Apple Mac OS X Denial of Service Vulnerability
Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)

Take action and discover your vulnerabilities