ID CVE-2013-0274
Summary upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
References
Vulnerable Configurations
  • Pidgin 2.10.6
    cpe:2.3:a:pidgin:pidgin:2.10.6
  • Pidgin 2.10.5
    cpe:2.3:a:pidgin:pidgin:2.10.5
  • Pidgin 2.10.3
    cpe:2.3:a:pidgin:pidgin:2.10.3
  • Pidgin 2.10.4
    cpe:2.3:a:pidgin:pidgin:2.10.4
  • Pidgin 2.10.0
    cpe:2.3:a:pidgin:pidgin:2.10.0
  • Pidgin 2.10.1
    cpe:2.3:a:pidgin:pidgin:2.10.1
  • Pidgin 2.10.2
    cpe:2.3:a:pidgin:pidgin:2.10.2
  • Pidgin 2.9.0
    cpe:2.3:a:pidgin:pidgin:2.9.0
  • Pidgin 2.8.0
    cpe:2.3:a:pidgin:pidgin:2.8.0
  • Pidgin 2.7.11
    cpe:2.3:a:pidgin:pidgin:2.7.11
  • Pidgin 2.7.1
    cpe:2.3:a:pidgin:pidgin:2.7.1
  • Pidgin 2.7.8
    cpe:2.3:a:pidgin:pidgin:2.7.8
  • Pidgin 2.7.2
    cpe:2.3:a:pidgin:pidgin:2.7.2
  • Pidgin 2.7.0
    cpe:2.3:a:pidgin:pidgin:2.7.0
  • Pidgin 2.7.3
    cpe:2.3:a:pidgin:pidgin:2.7.3
  • Pidgin 2.7.6
    cpe:2.3:a:pidgin:pidgin:2.7.6
  • Pidgin 2.7.10
    cpe:2.3:a:pidgin:pidgin:2.7.10
  • Pidgin 2.7.9
    cpe:2.3:a:pidgin:pidgin:2.7.9
  • Pidgin 2.7.7
    cpe:2.3:a:pidgin:pidgin:2.7.7
  • Pidgin 2.7.4
    cpe:2.3:a:pidgin:pidgin:2.7.4
  • Pidgin 2.7.5
    cpe:2.3:a:pidgin:pidgin:2.7.5
  • Pidgin 2.6.6
    cpe:2.3:a:pidgin:pidgin:2.6.6
  • Pidgin 2.6.5
    cpe:2.3:a:pidgin:pidgin:2.6.5
  • Pidgin 2.6.4
    cpe:2.3:a:pidgin:pidgin:2.6.4
  • Pidgin 2.6.1
    cpe:2.3:a:pidgin:pidgin:2.6.1
  • Pidgin 2.6.2
    cpe:2.3:a:pidgin:pidgin:2.6.2
  • Pidgin 2.6.0
    cpe:2.3:a:pidgin:pidgin:2.6.0
  • Pidgin 2.5.9
    cpe:2.3:a:pidgin:pidgin:2.5.9
  • Pidgin 2.5.8
    cpe:2.3:a:pidgin:pidgin:2.5.8
  • Pidgin 2.5.4
    cpe:2.3:a:pidgin:pidgin:2.5.4
  • Pidgin 2.5.2
    cpe:2.3:a:pidgin:pidgin:2.5.2
  • Pidgin 2.5.5
    cpe:2.3:a:pidgin:pidgin:2.5.5
  • Pidgin 2.5.3
    cpe:2.3:a:pidgin:pidgin:2.5.3
  • Pidgin 2.5.0
    cpe:2.3:a:pidgin:pidgin:2.5.0
  • Pidgin 2.5.1
    cpe:2.3:a:pidgin:pidgin:2.5.1
  • Pidgin 2.5.6
    cpe:2.3:a:pidgin:pidgin:2.5.6
  • Pidgin 2.5.6
    cpe:2.3:a:pidgin:pidgin:2.5.7
  • Pidgin 2.4.3
    cpe:2.3:a:pidgin:pidgin:2.4.3
  • Pidgin 2.4.1
    cpe:2.3:a:pidgin:pidgin:2.4.1
  • Pidgin 2.4.0
    cpe:2.3:a:pidgin:pidgin:2.4.0
  • Pidgin 2.4.2
    cpe:2.3:a:pidgin:pidgin:2.4.2
  • Pidgin 2.3.1
    cpe:2.3:a:pidgin:pidgin:2.3.1
  • Pidgin 2.3.0
    cpe:2.3:a:pidgin:pidgin:2.3.0
  • Pidgin 2.2.0
    cpe:2.3:a:pidgin:pidgin:2.2.0
  • Pidgin 2.2.1
    cpe:2.3:a:pidgin:pidgin:2.2.1
  • Pidgin 2.2.2
    cpe:2.3:a:pidgin:pidgin:2.2.2
  • Pidgin 2.1.1
    cpe:2.3:a:pidgin:pidgin:2.1.1
  • Pidgin 2.1.0
    cpe:2.3:a:pidgin:pidgin:2.1.0
  • Pidgin 2.0.1
    cpe:2.3:a:pidgin:pidgin:2.0.1
  • Pidgin 2.0.2
    cpe:2.3:a:pidgin:pidgin:2.0.2
  • Pidgin 2.0.0
    cpe:2.3:a:pidgin:pidgin:2.0.0
CVSS
Base: 2.9 (as of 18-02-2013 - 11:04)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FINCH-8475.NASL
    description pidgin was updated to fix 4 security issues : - Fixed a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274, bnc#804742) - Fixed a crash in Sametime protocol when a malicious server sends us an abnormally long user ID. (CVE-2013-0273, bnc#804742) - Fixed a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272, bnc#804742) - Fixed a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271, bnc#804742)
    last seen 2019-02-21
    modified 2013-03-05
    plugin id 65026
    published 2013-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65026
    title SuSE 10 Security Update : pidgin (ZYPP Patch Number 8475)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-231.NASL
    description Pidgin was updated to 2.10.7 to fix various security issues and the bug that IRC did not work at all in 12.3. Changes : - Add pidgin-irc-sasl.patch: link irc module to SASL. Allows the IRC module to be loaded (bnc#806975). - Update to version 2.10.7 (bnc#804742) : + Alien hatchery : - No changes + General : - The configure script will now exit with status 1 when specifying invalid protocol plugins using the --with-static-prpls and --with-dynamic-prpls arguments. (pidgin.im#15316) + libpurple : - Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274) - Don't link directly to libgcrypt when building with GnuTLS support. (pidgin.im#15329) - Fix UPnP mappings on routers that return empty elements in their response. (pidgin.im#15373) - Tcl plugin uses saner, race-free plugin loading. - Fix the Tcl signals-test plugin for savedstatus-changed. (pidgin.im#15443) + Pidgin : - Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant. + Gadu-Gadu : - Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0. (pidgin.im#15226, pidgin.im#14305) + IRC : - Support for SASL authentication. (pidgin.im#13270) - Print topic setter information at channel join. (pidgin.im#13317) + MSN : - Fix SSL certificate issue when signing into MSN for some users. - Fix a crash when removing a user before its icon is loaded. (pidgin.im#15217) + MXit : - Fix a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271) - Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272) - Display farewell messages in a different colour to distinguish them from normal messages. - Add support for typing notification. - Add support for the Relationship Status profile attribute. - Remove all reference to Hidden Number. - Ignore new invites to join a GroupChat if you're already joined, or still have a pending invite. - The buddy's name was not centered vertically in the buddy-list if they did not have a status-message or mood set. - Fix decoding of font-size changes in the markup of received messages. - Increase the maximum file size that can be transferred to 1 MB. - When setting an avatar image, no longer downscale it to 96x96. + Sametime : - Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273) + Yahoo! : - Fix a double-free in profile/picture loading code. (pidgin.im#15053) - Fix retrieving server-side buddy aliases. (pidgin.im#15381) + Plugins : - The Voice/Video Settings plugin supports using the sndio GStreamer backends. (pidgin.im#14414) - Fix a crash in the Contact Availability Detection plugin. (pidgin.im#15327) - Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant. + Windows-Specific Changes : - Compile with secure flags (pidgin.im#15290) - Installer downloads GTK+ Runtime and Debug Symbols more securely. (pidgin.im#15277) - Updates to a number of dependencies, some of which have security related fixes. (pidgin.im#14571, pidgin.im#15285, pidgin.im#15286) . ATK 1.32.0-2 . Cyrus SASL 2.1.25 . expat 2.1.0-1 . freetype 2.4.10-1 . gettext 0.18.1.1-2 . Glib 2.28.8-1 . libpng 1.4.12-1 . libxml2 2.9.0-1 . NSS 3.13.6 and NSPR 4.9.2 . Pango 1.29.4-1 . SILC 1.1.10 . zlib 1.2.5-2 - Patch libmeanwhile (sametime library) to fix crash. (pidgin.im#12637)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74934
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74934
    title openSUSE Security Update : pidgin (openSUSE-SU-2013:0511-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130314_PIDGIN_ON_SL5_X.NASL
    description A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 65565
    published 2013-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65565
    title Scientific Linux Security Update : pidgin on SL5.x, SL6.x i386/x86_64
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_PIDGIN_20140731.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte sequences. (CVE-2012-6152) - The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname. (CVE-2013-0271) - Buffer overflow in http.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.7 allows remote servers to execute arbitrary code via a long HTTP header. (CVE-2013-0272) - sametime.c in the Sametime protocol plugin in libpurple in Pidgin before 2.10.7 does not properly terminate long user IDs, which allows remote servers to cause a denial of service (application crash) via a crafted packet. (CVE-2013-0273) - upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network. (CVE-2013-0274) - Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message. (CVE-2013-6477) - gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. (CVE-2013-6478) - util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response. (CVE-2013-6479) - libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer over-read. (CVE-2013-6481) - Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header. (CVE-2013-6482) - The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remote attackers to spoof iq traffic or cause a denial of service (NULL pointer dereference and application crash) via a crafted reply. (CVE-2013-6483) - The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a socket read error. (CVE-2013-6484) - Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data. (CVE-2013-6485) - gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. (CVE-2013-6486) - Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. (CVE-2013-6487) - Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow. (CVE-2013-6489) - The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow. (CVE-2013-6490) - The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message. (CVE-2014-0020)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80740
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80740
    title Oracle Solaris Third-Party Patch Update : pidgin (multiple_vulnerabilities_in_pidgin2)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-044-01.NASL
    description New pidgin packages are available for Slackware 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.
    last seen 2019-02-21
    modified 2013-06-01
    plugin id 64622
    published 2013-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64622
    title Slackware 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : pidgin (SSA:2013-044-01)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-177.NASL
    description pidgin was updated to fix security issues : - Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274) - Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273) - Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution.(CVE-2013-0272) - Fix a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74915
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74915
    title openSUSE Security Update : pidgin (openSUSE-SU-2013:0405-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0646.NASL
    description From Red Hat Security Advisory 2013:0646 : Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68791
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68791
    title Oracle Linux 6 : pidgin (ELSA-2013-0646)
  • NASL family Windows
    NASL id PIDGIN_2_10_7.NASL
    description The version of Pidgin installed on the remote host is earlier than 2.10.7. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the 'MXit' plugin and the saving of images that could allow arbitrary files to be overwritten. (CVE-2013-0271) - A stack-based buffer overflow exists in the function 'mxit_cb_http_read' in the file 'libpurple/protocols/mxit/http.c' that could allow arbitrary code execution when handling certain HTTP headers. (CVE-2013-0272) - An error exists in the function 'mw_prpl_normalize' in the file 'libpurple/protocols/sametime/sametime.c' that could allow denial of service attacks when handling user IDs longer than 4096 bytes. (CVE-2013-0273) - Errors exist in the functions 'upnp_parse_description_cb', 'purple_upnp_discover_send_broadcast', 'looked_up_public_ip_cb', 'looked_up_internal_ip_cb', 'purple_upnp_set_port_mapping', and 'purple_upnp_remove_port_mapping' in the file 'libpurple/upnp.c' that could allow denial of service attacks when handling certain UPnP response messages. (CVE-2013-0274)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64670
    published 2013-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64670
    title Pidgin < 2.10.7 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1746-1.NASL
    description Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-0271) It was discovered that Pidgin incorrectly handled long HTTP headers in the MXit protocol handler. A malicious remote server could use this issue to execute arbitrary code. (CVE-2013-0272) It was discovered that Pidgin incorrectly handled long user IDs in the Sametime protocol handler. A malicious remote server could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-0273) It was discovered that Pidgin incorrectly handled long strings when processing UPnP responses. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-0274). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 64890
    published 2013-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64890
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : pidgin vulnerabilities (USN-1746-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0646.NASL
    description Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65561
    published 2013-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65561
    title RHEL 5 / 6 : pidgin (RHSA-2013:0646)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FINCH-130227.NASL
    description pidgin was updated to fix 4 security issues : - Fixed a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274, bnc#804742) - Fixed a crash in Sametime protocol when a malicious server sends us an abnormally long user ID. (CVE-2013-0273, bnc#804742) - Fixed a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272, bnc#804742) - Fixed a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271, bnc#804742)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 65024
    published 2013-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65024
    title SuSE 11.2 Security Update : pidgin (SAT Patch Number 7429)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_549787C1891611E2854968B599B52A02.NASL
    description Pidgin reports : libpurple Fix a crash when receiving UPnP responses with abnormally long values. MXit Fix two bugs where a remote MXit user could possibly specify a local file path to be written to. Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. Sametime Fix a crash in Sametime when a malicious server sends us an abnormally long user ID.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65184
    published 2013-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65184
    title FreeBSD : libpurple -- multiple vulnerabilities (549787c1-8916-11e2-8549-68b599b52a02)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0646.NASL
    description Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted HTTP request. (CVE-2013-0272) A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially crafted username. (CVE-2013-0273) A buffer overflow flaw was found in the way Pidgin processed certain UPnP responses. A remote attacker could send a specially crafted UPnP response that, when processed, would crash Pidgin. (CVE-2013-0274) Red Hat would like to thank the Pidgin project for reporting the above issues. Upstream acknowledges Daniel Atallah as the original reporter of CVE-2013-0272. All Pidgin users should upgrade to these updated packages, which contain backported patches to resolve these issues. Pidgin must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65555
    published 2013-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65555
    title CentOS 5 / 6 : pidgin (CESA-2013:0646)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201405-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-201405-22 (Pidgin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Pidgin. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the Pidgin process, cause a Denial of Service condition, overwrite files, or spoof traffic. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 74064
    published 2014-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74064
    title GLSA-201405-22 : Pidgin: Multiple vulnerabilities
oval via4
accepted 2013-09-30T04:00:55.947-04:00
class vulnerability
contributors
name Shane Shaffer
organization G2, Inc.
definition_extensions
comment Pidgin is installed
oval oval:org.mitre.oval:def:12366
description upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
family windows
id oval:org.mitre.oval:def:18221
status accepted
submitted 2013-08-16T15:36:10.221-04:00
title upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network
version 4
redhat via4
advisories
bugzilla
id 910042
title CVE-2013-0274 pidgin: missing nul termination of long values in UPnP responses
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment finch is earlier than 0:2.6.6-17.el5_9.1
          oval oval:com.redhat.rhsa:tst:20130646004
        • comment finch is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584016
      • AND
        • comment finch-devel is earlier than 0:2.6.6-17.el5_9.1
          oval oval:com.redhat.rhsa:tst:20130646012
        • comment finch-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584014
      • AND
        • comment libpurple is earlier than 0:2.6.6-17.el5_9.1
          oval oval:com.redhat.rhsa:tst:20130646006
        • comment libpurple is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584020
      • AND
        • comment libpurple-devel is earlier than 0:2.6.6-17.el5_9.1
          oval oval:com.redhat.rhsa:tst:20130646008
        • comment libpurple-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584018
      • AND
        • comment libpurple-perl is earlier than 0:2.6.6-17.el5_9.1
          oval oval:com.redhat.rhsa:tst:20130646016
        • comment libpurple-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584010
      • AND
        • comment libpurple-tcl is earlier than 0:2.6.6-17.el5_9.1
          oval oval:com.redhat.rhsa:tst:20130646018
        • comment libpurple-tcl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584012
      • AND
        • comment pidgin is earlier than 0:2.6.6-17.el5_9.1
          oval oval:com.redhat.rhsa:tst:20130646002
        • comment pidgin is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584008
      • AND
        • comment pidgin-devel is earlier than 0:2.6.6-17.el5_9.1
          oval oval:com.redhat.rhsa:tst:20130646010
        • comment pidgin-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584024
      • AND
        • comment pidgin-perl is earlier than 0:2.6.6-17.el5_9.1
          oval oval:com.redhat.rhsa:tst:20130646014
        • comment pidgin-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080584022
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment finch is earlier than 0:2.7.9-10.el6_4.1
          oval oval:com.redhat.rhsa:tst:20130646036
        • comment finch is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100890020
      • AND
        • comment finch-devel is earlier than 0:2.7.9-10.el6_4.1
          oval oval:com.redhat.rhsa:tst:20130646028
        • comment finch-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100890012
      • AND
        • comment libpurple is earlier than 0:2.7.9-10.el6_4.1
          oval oval:com.redhat.rhsa:tst:20130646034
        • comment libpurple is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100890008
      • AND
        • comment libpurple-devel is earlier than 0:2.7.9-10.el6_4.1
          oval oval:com.redhat.rhsa:tst:20130646026
        • comment libpurple-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100890016
      • AND
        • comment libpurple-perl is earlier than 0:2.7.9-10.el6_4.1
          oval oval:com.redhat.rhsa:tst:20130646030
        • comment libpurple-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100890014
      • AND
        • comment libpurple-tcl is earlier than 0:2.7.9-10.el6_4.1
          oval oval:com.redhat.rhsa:tst:20130646038
        • comment libpurple-tcl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100890022
      • AND
        • comment pidgin is earlier than 0:2.7.9-10.el6_4.1
          oval oval:com.redhat.rhsa:tst:20130646024
        • comment pidgin is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100890006
      • AND
        • comment pidgin-devel is earlier than 0:2.7.9-10.el6_4.1
          oval oval:com.redhat.rhsa:tst:20130646042
        • comment pidgin-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100890018
      • AND
        • comment pidgin-docs is earlier than 0:2.7.9-10.el6_4.1
          oval oval:com.redhat.rhsa:tst:20130646032
        • comment pidgin-docs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100890024
      • AND
        • comment pidgin-perl is earlier than 0:2.7.9-10.el6_4.1
          oval oval:com.redhat.rhsa:tst:20130646040
        • comment pidgin-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100890010
rhsa
id RHSA-2013:0646
released 2013-03-14
severity Moderate
title RHSA-2013:0646: pidgin security update (Moderate)
rpms
  • finch-0:2.6.6-17.el5_9.1
  • finch-devel-0:2.6.6-17.el5_9.1
  • libpurple-0:2.6.6-17.el5_9.1
  • libpurple-devel-0:2.6.6-17.el5_9.1
  • libpurple-perl-0:2.6.6-17.el5_9.1
  • libpurple-tcl-0:2.6.6-17.el5_9.1
  • pidgin-0:2.6.6-17.el5_9.1
  • pidgin-devel-0:2.6.6-17.el5_9.1
  • pidgin-perl-0:2.6.6-17.el5_9.1
  • finch-0:2.7.9-10.el6_4.1
  • finch-devel-0:2.7.9-10.el6_4.1
  • libpurple-0:2.7.9-10.el6_4.1
  • libpurple-devel-0:2.7.9-10.el6_4.1
  • libpurple-perl-0:2.7.9-10.el6_4.1
  • libpurple-tcl-0:2.7.9-10.el6_4.1
  • pidgin-0:2.7.9-10.el6_4.1
  • pidgin-devel-0:2.7.9-10.el6_4.1
  • pidgin-docs-0:2.7.9-10.el6_4.1
  • pidgin-perl-0:2.7.9-10.el6_4.1
refmap via4
confirm
suse
  • SUSE-SU-2013:0388
  • openSUSE-SU-2013:0405
  • openSUSE-SU-2013:0407
ubuntu USN-1746-1
Last major update 02-11-2013 - 23:29
Published 16-02-2013 - 16:55
Last modified 18-09-2017 - 21:35
Back to Top