ID CVE-2011-4922
Summary cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
References
Vulnerable Configurations
  • Pidgin 2.7.9
    cpe:2.3:a:pidgin:pidgin:2.7.9
  • Pidgin 2.7.8
    cpe:2.3:a:pidgin:pidgin:2.7.8
  • Pidgin 2.7.7
    cpe:2.3:a:pidgin:pidgin:2.7.7
  • Pidgin 2.7.6
    cpe:2.3:a:pidgin:pidgin:2.7.6
  • Pidgin 2.7.5
    cpe:2.3:a:pidgin:pidgin:2.7.5
  • Pidgin 2.7.4
    cpe:2.3:a:pidgin:pidgin:2.7.4
  • Pidgin 2.7.3
    cpe:2.3:a:pidgin:pidgin:2.7.3
  • Pidgin 2.7.2
    cpe:2.3:a:pidgin:pidgin:2.7.2
  • Pidgin 2.7.1
    cpe:2.3:a:pidgin:pidgin:2.7.1
  • Pidgin 2.7.0
    cpe:2.3:a:pidgin:pidgin:2.7.0
  • Pidgin 2.6.6
    cpe:2.3:a:pidgin:pidgin:2.6.6
  • Pidgin 2.6.5
    cpe:2.3:a:pidgin:pidgin:2.6.5
  • Pidgin 2.6.4
    cpe:2.3:a:pidgin:pidgin:2.6.4
  • Pidgin 2.6.1
    cpe:2.3:a:pidgin:pidgin:2.6.1
  • Pidgin 2.6.2
    cpe:2.3:a:pidgin:pidgin:2.6.2
  • Pidgin 2.6.0
    cpe:2.3:a:pidgin:pidgin:2.6.0
  • Pidgin 2.5.9
    cpe:2.3:a:pidgin:pidgin:2.5.9
  • Pidgin 2.5.8
    cpe:2.3:a:pidgin:pidgin:2.5.8
  • Pidgin 2.5.4
    cpe:2.3:a:pidgin:pidgin:2.5.4
  • Pidgin 2.5.2
    cpe:2.3:a:pidgin:pidgin:2.5.2
  • Pidgin 2.5.5
    cpe:2.3:a:pidgin:pidgin:2.5.5
  • Pidgin 2.5.3
    cpe:2.3:a:pidgin:pidgin:2.5.3
  • Pidgin 2.5.0
    cpe:2.3:a:pidgin:pidgin:2.5.0
  • Pidgin 2.5.1
    cpe:2.3:a:pidgin:pidgin:2.5.1
  • Pidgin 2.5.6
    cpe:2.3:a:pidgin:pidgin:2.5.6
  • Pidgin 2.5.7
    cpe:2.3:a:pidgin:pidgin:2.5.7
  • Pidgin 2.4.3
    cpe:2.3:a:pidgin:pidgin:2.4.3
  • Pidgin 2.4.1
    cpe:2.3:a:pidgin:pidgin:2.4.1
  • Pidgin 2.4.0
    cpe:2.3:a:pidgin:pidgin:2.4.0
  • Pidgin 2.4.2
    cpe:2.3:a:pidgin:pidgin:2.4.2
  • Pidgin 2.3.1
    cpe:2.3:a:pidgin:pidgin:2.3.1
  • Pidgin 2.3.0
    cpe:2.3:a:pidgin:pidgin:2.3.0
  • Pidgin 2.2.0
    cpe:2.3:a:pidgin:pidgin:2.2.0
  • Pidgin 2.2.1
    cpe:2.3:a:pidgin:pidgin:2.2.1
  • Pidgin 2.2.2
    cpe:2.3:a:pidgin:pidgin:2.2.2
  • Pidgin 2.10.3
    cpe:2.3:a:pidgin:pidgin:2.10.3
  • Pidgin 2.1.1
    cpe:2.3:a:pidgin:pidgin:2.1.1
  • Pidgin 2.10.4
    cpe:2.3:a:pidgin:pidgin:2.10.4
  • Pidgin 2.10.0
    cpe:2.3:a:pidgin:pidgin:2.10.0
  • Pidgin 2.10.1
    cpe:2.3:a:pidgin:pidgin:2.10.1
  • Pidgin 2.10.2
    cpe:2.3:a:pidgin:pidgin:2.10.2
  • Pidgin 2.1.0
    cpe:2.3:a:pidgin:pidgin:2.1.0
  • Pidgin 2.0.1
    cpe:2.3:a:pidgin:pidgin:2.0.1
  • Pidgin 2.0.2
    cpe:2.3:a:pidgin:pidgin:2.0.2
  • Pidgin 2.0.0
    cpe:2.3:a:pidgin:pidgin:2.0.0
CVSS
Base: 2.1 (as of 08-08-2012 - 14:02)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including the version of the browser, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero-day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1500-1.NASL
    description Evgeny Boger discovered that Pidgin incorrectly handled buddy list messages in the AIM and ICQ protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4601) Thijs Alkemade discovered that Pidgin incorrectly handled malformed voice and video chat requests in the XMPP protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4602) Diego Bauche Madero discovered that Pidgin incorrectly handled UTF-8 sequences in the SILC protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2011-4603) Julia Lawall discovered that Pidgin incorrectly cleared memory contents used in cryptographic operations. An attacker could exploit this to read the memory contents, leading to an information disclosure. This issue only affected Ubuntu 10.04 LTS. (CVE-2011-4922) Clemens Huebner and Kevin Stange discovered that Pidgin incorrectly handled nickname changes inside chat rooms in the XMPP protocol handler. A remote attacker could exploit this by changing nicknames, leading to a denial of service. This issue only affected Ubuntu 11.10. (CVE-2011-4939) Thijs Alkemade discovered that Pidgin incorrectly handled off-line instant messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 10.04 LTS, 11.04 and 11.10. (CVE-2012-1178) Jose Valentin Gutierrez discovered that Pidgin incorrectly handled SOCKS5 proxy connections during file transfer requests in the XMPP protocol handler. A remote attacker could send a specially crafted request and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 12.04 LTS and 11.10. (CVE-2012-2214) Fabian Yamaguchi discovered that Pidgin incorrectly handled malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2012-2318) Ulf Harnhammar discovered that Pidgin incorrectly handled messages with in-line images in the MXit protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. (CVE-2012-3374). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 59903
    published 2012-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59903
    title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : pidgin vulnerabilities (USN-1500-1)
  • NASL family Windows
    NASL id PIDGIN_2_7_10.NASL
    description The version of Pidgin installed on the remote host is earlier than 2.7.10. Such versions are potentially affected by an information disclosure vulnerability because the application does not properly clear certain data structures used in 'libpurple/cipher.c' prior to freeing. An attacker, exploiting this flaw, could potentially extract partial information from memory regions freed by libpurple.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 52042
    published 2011-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52042
    title Pidgin < 2.7.10 Information Disclosure
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0616.NASL
    description Updated pidgin packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use these flaws to crash Pidgin via a specially crafted notification message. (CVE-2011-1091) Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Marius Wachtler as the original reporter. This update also fixes the following bugs : * Previous versions of the pidgin package did not properly clear certain data structures used in libpurple/cipher.c when attempting to free them. Partial information could potentially be extracted from the incorrectly cleared regions of the previously freed memory. With this update, data structures are properly cleared when freed. (BZ#684685) * This erratum upgrades Pidgin to upstream version 2.7.9. For a list of all changes addressed in this upgrade, refer to http://developer.pidgin.im/wiki/ChangeLog (BZ#616917) * Some incomplete translations for the kn_IN and ta_IN locales have been corrected. (BZ#633860, BZ#640170) Users of pidgin should upgrade to these updated packages, which resolve these issues. Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 54598
    published 2011-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54598
    title RHEL 6 : pidgin (RHSA-2011:0616)
oval via4
accepted 2013-09-30T04:00:56.350-04:00
class vulnerability
contributors
name Shane Shaffer
organization G2, Inc.
definition_extensions
comment Pidgin is installed
oval oval:org.mitre.oval:def:12366
description cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents.
family windows
id oval:org.mitre.oval:def:18223
status accepted
submitted 2013-08-16T15:36:10.221-04:00
title cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents
version 4
redhat via4
advisories
bugzilla
id 684685
title CVE-2011-4922 Cipher API information disclosure in pidgin
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment finch is earlier than 0:2.7.9-3.el6
        oval oval:com.redhat.rhsa:tst:20110616009
      • comment finch is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100890020
    • AND
      • comment finch-devel is earlier than 0:2.7.9-3.el6
        oval oval:com.redhat.rhsa:tst:20110616019
      • comment finch-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100890012
    • AND
      • comment libpurple is earlier than 0:2.7.9-3.el6
        oval oval:com.redhat.rhsa:tst:20110616021
      • comment libpurple is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100890008
    • AND
      • comment libpurple-devel is earlier than 0:2.7.9-3.el6
        oval oval:com.redhat.rhsa:tst:20110616023
      • comment libpurple-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100890016
    • AND
      • comment libpurple-perl is earlier than 0:2.7.9-3.el6
        oval oval:com.redhat.rhsa:tst:20110616013
      • comment libpurple-perl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100890014
    • AND
      • comment libpurple-tcl is earlier than 0:2.7.9-3.el6
        oval oval:com.redhat.rhsa:tst:20110616007
      • comment libpurple-tcl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100890022
    • AND
      • comment pidgin is earlier than 0:2.7.9-3.el6
        oval oval:com.redhat.rhsa:tst:20110616005
      • comment pidgin is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100890006
    • AND
      • comment pidgin-devel is earlier than 0:2.7.9-3.el6
        oval oval:com.redhat.rhsa:tst:20110616011
      • comment pidgin-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100890018
    • AND
      • comment pidgin-docs is earlier than 0:2.7.9-3.el6
        oval oval:com.redhat.rhsa:tst:20110616017
      • comment pidgin-docs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100890024
    • AND
      • comment pidgin-perl is earlier than 0:2.7.9-3.el6
        oval oval:com.redhat.rhsa:tst:20110616015
      • comment pidgin-perl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100890010
rhsa
id RHSA-2011:0616
released 2011-05-19
severity Low
title RHSA-2011:0616: pidgin security and bug fix update (Low)
rpms
  • finch-0:2.7.9-3.el6
  • finch-devel-0:2.7.9-3.el6
  • libpurple-0:2.7.9-3.el6
  • libpurple-devel-0:2.7.9-3.el6
  • libpurple-perl-0:2.7.9-3.el6
  • libpurple-tcl-0:2.7.9-3.el6
  • pidgin-0:2.7.9-3.el6
  • pidgin-devel-0:2.7.9-3.el6
  • pidgin-docs-0:2.7.9-3.el6
  • pidgin-perl-0:2.7.9-3.el6
refmap via4
confirm
mlist [oss-security] 20120104 Re: CVE request: Pidgin
Last major update 02-11-2013 - 23:19
Published 08-08-2012 - 06:26
Last modified 18-09-2017 - 21:34