ID CVE-2009-1373
Summary Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • Pidgin 2.4.3
    cpe:2.3:a:pidgin:pidgin:2.4.3
  • Pidgin 2.1.1
    cpe:2.3:a:pidgin:pidgin:2.1.1
  • Pidgin 2.0.1
    cpe:2.3:a:pidgin:pidgin:2.0.1
  • Pidgin 2.0.2
    cpe:2.3:a:pidgin:pidgin:2.0.2
  • Pidgin 2.0.0
    cpe:2.3:a:pidgin:pidgin:2.0.0
  • Pidgin 2.4.0
    cpe:2.3:a:pidgin:pidgin:2.4.0
  • Pidgin 2.4.1
    cpe:2.3:a:pidgin:pidgin:2.4.1
  • Pidgin 2.2.0
    cpe:2.3:a:pidgin:pidgin:2.2.0
  • Pidgin 2.4.2
    cpe:2.3:a:pidgin:pidgin:2.4.2
  • Pidgin 2.3.1
    cpe:2.3:a:pidgin:pidgin:2.3.1
  • Pidgin 2.1.0
    cpe:2.3:a:pidgin:pidgin:2.1.0
  • Pidgin 2.3.0
    cpe:2.3:a:pidgin:pidgin:2.3.0
  • Pidgin 2.2.1
    cpe:2.3:a:pidgin:pidgin:2.2.1
  • Pidgin 2.2.2
    cpe:2.3:a:pidgin:pidgin:2.2.2
  • cpe:2.3:a:pidgin:pidgin:2.0.2:-:linux
    cpe:2.3:a:pidgin:pidgin:2.0.2:-:linux
  • Pidgin 2.5.5
    cpe:2.3:a:pidgin:pidgin:2.5.5
  • Pidgin 2.5.4
    cpe:2.3:a:pidgin:pidgin:2.5.4
  • Pidgin 2.5.3
    cpe:2.3:a:pidgin:pidgin:2.5.3
  • Pidgin 2.5.2
    cpe:2.3:a:pidgin:pidgin:2.5.2
  • Pidgin 2.5.1
    cpe:2.3:a:pidgin:pidgin:2.5.1
  • Pidgin 2.5.0
    cpe:2.3:a:pidgin:pidgin:2.5.0
CVSS
Base: 7.1 (as of 26-05-2009 - 12:17)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
Vector: NETWORK
Complexity: HIGH
Authentication: SINGLE_INSTANCE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-781-2.NASL
    description It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373) It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 39313
    published 2009-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39313
    title Ubuntu 6.06 LTS : gaim vulnerabilities (USN-781-2)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-321.NASL
    description Security vulnerabilities have been identified and fixed in pidgin : The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. (CVE-2008-3532) Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function. (CVE-2008-2955) The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL. (CVE-2008-2957) Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third-party information (CVE-2009-1373). Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet (CVE-2009-1374). The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol (CVE-2009-1375). Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927 (CVE-2009-1376). The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory (CVE-2009-1889). The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376 (CVE-2009-2694). Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM (CVE-2009-3025). protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the require TLS/SSL preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions (CVE-2009-3026). libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string (CVE-2009-2703). The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client (CVE-2009-3083). The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect UTF16-LE charset name (CVE-2009-3084). The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images (CVE-2009-3085). This update provides pidgin 2.6.2, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 43024
    published 2009-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43024
    title Mandriva Linux Security Advisory : pidgin (MDVSA-2009:321)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1060.NASL
    description Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373) A denial of service flaw was found in Pidgin's QQ protocol decryption handler. When the QQ protocol decrypts packet information, heap data can be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374) A flaw was found in the way Pidgin's PurpleCircBuffer object is expanded. If the buffer is full when more data arrives, the data stored in this buffer becomes corrupted. This corrupted data could result in confusing or misleading data being presented to the user, or possibly crash Pidgin. (CVE-2009-1375) It was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376) Note: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. 
    Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43751
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43751
    title CentOS 4 / 5 : pidgin (CESA-2009:1060)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B1CA65E65AAF11DEBC9B0030843D3802.NASL
    description Secunia reports : Some vulnerabilities and weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS or to potentially compromise a user's system. A truncation error in the processing of MSN SLP messages can be exploited to cause a buffer overflow. A boundary error in the XMPP SOCKS5 'bytestream' server when initiating an outgoing file transfer can be exploited to cause a buffer overflow. A boundary error exists in the implementation of the 'PurpleCircBuffer' structure. This can be exploited to corrupt memory and cause a crash via specially crafted XMPP or Sametime packets. A boundary error in the 'decrypt_out()' function can be exploited to cause a stack-based buffer overflow with 8 bytes and crash the application via a specially crafted QQ packet.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 39426
    published 2009-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39426
    title FreeBSD : pidgin -- multiple vulnerabilities (b1ca65e6-5aaf-11de-bc9b-0030843d3802)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_FINCH-090708.NASL
    description Several bugfixes were done for the Instant Messenger Pidgin : - Malformed responses to file transfers could cause a buffer overflow in pidgin (CVE-2009-1373) and specially crafted packets could crash it (CVE-2009-1375). - The fix against integer overflows in the msn protocol handling was incomplete (CVE-2009-1376). - Fixed misparsing ICQ message as SMS DoS (CVE-2009-1889, Pidgin#9483). Also the Yahoo IM protocol was made to work again.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 40338
    published 2009-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40338
    title openSUSE Security Update : finch (finch-1088)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1805.NASL
    description Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1373 A buffer overflow in the Jabber file transfer code may lead to denial of service or the execution of arbitrary code. - CVE-2009-1375 Memory corruption in an internal library may lead to denial of service. - CVE-2009-1376 The patch provided for the security issue tracked as CVE-2008-2927 - integer overflows in the MSN protocol handler - was found to be incomplete. The old stable distribution (etch) is affected under the source package name gaim. However, due to build problems the updated packages couldn't be released along with the stable version. It will be released once the build problem is resolved.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38878
    published 2009-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38878
    title Debian DSA-1805-1 : pidgin - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FINCH-6351.NASL
    description Several bugfixes were done for the Instant Messenger Pidgin : - Malformed responses to file transfers could cause a buffer overflow in pidgin (CVE-2009-1373) and specially crafted packets could crash it (CVE-2009-1375). - The fix against integer overflows in the msn protocol handling was incomplete (CVE-2009-1376). - Fixed misparsing ICQ message as SMS DoS (CVE-2009-1889, Pidgin#9483). Also the Yahoo IM protocol was made to work again.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 41999
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41999
    title openSUSE 10 Security Update : finch (finch-6351)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1060.NASL
    description Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373) A denial of service flaw was found in Pidgin's QQ protocol decryption handler. When the QQ protocol decrypts packet information, heap data can be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374) A flaw was found in the way Pidgin's PurpleCircBuffer object is expanded. If the buffer is full when more data arrives, the data stored in this buffer becomes corrupted. This corrupted data could result in confusing or misleading data being presented to the user, or possibly crash Pidgin. (CVE-2009-1375) It was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376) Note: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. 
    Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 38872
    published 2009-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38872
    title RHEL 4 / 5 : pidgin (RHSA-2009:1060)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FINCH-090709.NASL
    description Several bugfixes were done for the Instant Messenger Pidgin : - Malformed responses to file transfers could cause a buffer overflow in pidgin (CVE-2009-1373) and specially crafted packets could crash it. (CVE-2009-1375) - The fix against integer overflows in the msn protocol handling was incomplete. (CVE-2009-1376) - Fixed misparsing ICQ message as SMS DoS (CVE-2009-1889, Pidgin#9483). Also the Yahoo IM protocol was made to work again.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 41388
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41388
    title SuSE 11 Security Update : pidgin (SAT Patch Number 1094)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5552.NASL
    description This is a bugfix & security fix release of Pidgin. The full ChangeLog is available at http://developer.pidgin.im/wiki/ChangeLog Details of the security fixes included are available at http://www.pidgin.im/news/security/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 38995
    published 2009-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38995
    title Fedora 9 : pidgin-2.5.6-1.fc9 (2009-5552)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1059.NASL
    description An updated pidgin package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373) It was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376) Note: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw. All Pidgin users should upgrade to this update package, which contains backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 38871
    published 2009-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38871
    title RHEL 3 : pidgin (RHSA-2009:1059)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5583.NASL
    description This is a bugfix & security fix release of Pidgin. The full ChangeLog is available at http://developer.pidgin.im/wiki/ChangeLog Details of the security fixes included are available at http://www.pidgin.im/news/security/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 38996
    published 2009-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38996
    title Fedora 11 : pidgin-2.5.6-1.fc11 (2009-5583)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-781-1.NASL
    description It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373) It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. (CVE-2009-1374) It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. (CVE-2009-1375) It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2009-1376). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 39312
    published 2009-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39312
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : pidgin vulnerabilities (USN-781-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-146-01.NASL
    description New pidgin packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues.
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 38915
    published 2009-05-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38915
    title Slackware 12.0 / 12.1 / 12.2 / current : pidgin (SSA:2009-146-01)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1059.NASL
    description From Red Hat Security Advisory 2009:1059 : An updated pidgin package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373) It was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376) Note: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw. All Pidgin users should upgrade to this update package, which contains backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67862
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67862
    title Oracle Linux 3 : pidgin (ELSA-2009-1059)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GAIM-6350.NASL
    description - malformed responses to file transfers could cause a buffer overflow in pidgin. (CVE-2009-1373) - the fix against integer overflows in the msn protocol handling was incomplete. (CVE-2009-1376) - certain ICQ message types could crash pidgin. (CVE-2009-1889)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 51744
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51744
    title SuSE 10 Security Update : gaim (ZYPP Patch Number 6350)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-147.NASL
    description Security vulnerabilities have been identified and fixed in pidgin : Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third-party information (CVE-2009-1373). Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet (CVE-2009-1374). The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol (CVE-2009-1375). Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927 (CVE-2009-1376). This update provides pidgin 2.5.8, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 39582
    published 2009-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39582
    title Mandriva Linux Security Advisory : pidgin (MDVSA-2009:147)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5597.NASL
    description This is a bugfix & security fix release of Pidgin. The full ChangeLog is available at http://developer.pidgin.im/wiki/ChangeLog Details of the security fixes included are available at http://www.pidgin.im/news/security/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 38997
    published 2009-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38997
    title Fedora 10 : pidgin-2.5.6-1.fc10 (2009-5597)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200905-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-200905-07 (Pidgin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Pidgin: Veracode reported a boundary error in the 'XMPP SOCKS5 bytestream server' when initiating an outgoing file transfer (CVE-2009-1373). Ka-Hing Cheung reported a heap corruption flaw in the QQ protocol handler (CVE-2009-1374). A memory corruption flaw in 'PurpleCircBuffer' was disclosed by Josef Andrysek (CVE-2009-1375). The previous fix for CVE-2008-2927 contains a cast from uint64 to size_t, possibly leading to an integer overflow (CVE-2009-1376, GLSA 200901-13). Impact : A remote attacker could send specially crafted messages or files using the MSN, XMPP or QQ protocols, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. NOTE: Successful exploitation might require the victim's interaction. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 38909
    published 2009-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38909
    title GLSA-200905-07 : Pidgin: Multiple vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1059.NASL
    description An updated pidgin package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373) It was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376) Note: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw. All Pidgin users should upgrade to this update package, which contains backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38868
    published 2009-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38868
    title CentOS 3 : pidgin (CESA-2009:1059)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090522_PIDGIN_ON_SL3_X.NASL
    description A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373) A denial of service flaw was found in Pidgin's QQ protocol decryption handler. When the QQ protocol decrypts packet information, heap data can be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374) A flaw was found in the way Pidgin's PurpleCircBuffer object is expanded. If the buffer is full when more data arrives, the data stored in this buffer becomes corrupted. This corrupted data could result in confusing or misleading data being presented to the user, or possibly crash Pidgin. (CVE-2009-1375) If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376) Note: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw. Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60589
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60589
    title Scientific Linux Security Update : pidgin on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FINCH-6342.NASL
    description Several bugfixes were done for the Instant Messenger Pidgin : - Malformed responses to file transfers could cause a buffer overflow in pidgin (CVE-2009-1373) and specially crafted packets could crash it. (CVE-2009-1375) - The fix against integer overflows in the msn protocol handling was incomplete. (CVE-2009-1376) - Fixed misparsing ICQ message as SMS DoS (CVE-2009-1889, Pidgin#9483). Also the Yahoo IM protocol was made to work again.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 51723
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51723
    title SuSE 10 Security Update : pidgin (ZYPP Patch Number 6342)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1060.NASL
    description From Red Hat Security Advisory 2009:1060 : Updated pidgin packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol (XMPP). If a Pidgin client initiates a file transfer, and the remote target sends a malformed response, it could cause Pidgin to crash or, potentially, execute arbitrary code with the permissions of the user running Pidgin. This flaw only affects accounts using XMPP, such as Jabber and Google Talk. (CVE-2009-1373) A denial of service flaw was found in Pidgin's QQ protocol decryption handler. When the QQ protocol decrypts packet information, heap data can be overwritten, possibly causing Pidgin to crash. (CVE-2009-1374) A flaw was found in the way Pidgin's PurpleCircBuffer object is expanded. If the buffer is full when more data arrives, the data stored in this buffer becomes corrupted. This corrupted data could result in confusing or misleading data being presented to the user, or possibly crash Pidgin. (CVE-2009-1375) It was discovered that on 32-bit platforms, the Red Hat Security Advisory RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw affecting Pidgin's MSN protocol handler. If a Pidgin client receives a specially crafted MSN message, it may be possible to execute arbitrary code with the permissions of the user running Pidgin. (CVE-2009-1376) Note: By default, when using an MSN account, only users on your buddy list can send you messages. This prevents arbitrary MSN users from exploiting this flaw. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67863
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67863
    title Oracle Linux 4 : pidgin (ELSA-2009-1060)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_FINCH-090709.NASL
    description Several bugfixes were done for the Instant Messenger Pidgin : - Malformed responses to file transfers could cause a buffer overflow in pidgin (CVE-2009-1373) and specially crafted packets could crash it (CVE-2009-1375). - The fix against integer overflows in the msn protocol handling was incomplete (CVE-2009-1376). - Fixed misparsing ICQ message as SMS DoS (CVE-2009-1889, Pidgin#9483). Also the Yahoo IM protocol was made to work again.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 40336
    published 2009-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40336
    title openSUSE Security Update : finch (finch-1088)
  • NASL family Windows
    NASL id PIDGIN_2_5_6.NASL
    description The remote host is running Pidgin earlier than 2.5.6. Such versions are reportedly affected by multiple buffer overflow vulnerabilities : - A buffer overflow is possible when initiating a file transfer to a malicious buddy over XMPP. (CVE-2009-1373) - A buffer overflow issue in the 'decrypt_out()' function can be exploited through specially crafted 'QQ' packets. (CVE-2009-1374) - A buffer maintained by PurpleCircBuffer which is used by XMPP and Sametime protocol plugins can be corrupted if it's exactly full and then more bytes are added to it. (CVE-2009-1375) - An integer-overflow issue exists in the application due to an incorrect typecasting of 'int64' to 'size_t'. (CVE-2009-1376)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 38866
    published 2009-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38866
    title Pidgin < 2.5.6 Multiple Buffer Overflows
oval via4
  • accepted 2013-09-30T04:00:40.809-04:00
    class vulnerability
    contributors
    name Shane Shaffer
    organization G2, Inc.
    definition_extensions
    comment Pidgin is installed
    oval oval:org.mitre.oval:def:12366
    description Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
    family windows
    id oval:org.mitre.oval:def:17722
    status accepted
    submitted 2013-08-16T15:36:10.221-04:00
    title Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information
    version 4
  • accepted 2013-04-29T04:18:08.466-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
    family unix
    id oval:org.mitre.oval:def:9005
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.
    version 24
redhat via4
advisories
  • rhsa
    id RHSA-2009:1059
  • rhsa
    id RHSA-2009:1060
rpms
  • pidgin-0:1.5.1-3.el3
  • finch-0:2.5.5-2.el4
  • finch-devel-0:2.5.5-2.el4
  • libpurple-0:2.5.5-2.el4
  • libpurple-devel-0:2.5.5-2.el4
  • libpurple-perl-0:2.5.5-2.el4
  • libpurple-tcl-0:2.5.5-2.el4
  • pidgin-0:2.5.5-2.el4
  • pidgin-devel-0:2.5.5-2.el4
  • pidgin-perl-0:2.5.5-2.el4
  • finch-0:2.5.5-3.el5
  • finch-devel-0:2.5.5-3.el5
  • libpurple-0:2.5.5-3.el5
  • libpurple-devel-0:2.5.5-3.el5
  • libpurple-perl-0:2.5.5-3.el5
  • libpurple-tcl-0:2.5.5-3.el5
  • pidgin-0:2.5.5-3.el5
  • pidgin-devel-0:2.5.5-3.el5
  • pidgin-perl-0:2.5.5-3.el5
refmap via4
bid 35067
confirm
debian DSA-1805
fedora
  • FEDORA-2009-5552
  • FEDORA-2009-5583
  • FEDORA-2009-5597
gentoo GLSA-200905-07
mandriva
  • MDVSA-2009:140
  • MDVSA-2009:173
secunia
  • 35188
  • 35194
  • 35202
  • 35215
  • 35294
  • 35329
  • 35330
ubuntu
  • USN-781-1
  • USN-781-2
vupen ADV-2009-1396
xf pidgin-xmppsocks5-bo(50682)
Last major update 02-11-2013 - 22:49
Published 26-05-2009 - 11:30
Last modified 28-09-2017 - 21:34