Pardus Linux Security Advisory - A security issue has been reported in Pidgin, which can be exploited by malicious people to conduct spoofing attacks.
7d7a06f428bc233a170e7d397bec843735ab8315661364f2f678d387383c4d48------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-18 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-08-07
Severity: 2
Type: Remote
------------------------------------------------------------------------
Summary
=======
A security issue has been reported in Pidgin, which can be exploited by
malicious people to conduct spoofing attacks.
Description
===========
The problem is that the certificate presented by e.g. a Jabber server at
the beginning of an SSL session is not verified. This can be exploited
to spoof valid servers via a man-in-the-middle attack.
Successful exploitation requires that Pidgin is configured to use the
NSS plugin.
Affected packages:
Pardus 2008:
pidgin, all before 2.4.3-21-3
Pardus 2007:
pidgin, all before 2.4.3-21-14
Resolution
==========
There are update(s) for pidgin. You can update them via Package Manager
or with a single command from console:
Pardus 2008:
pisi up pidgin
Pardus 2007:
pisi up pidgin
References
==========
* http://secunia.com/advisories/31390/
* http://developer.pidgin.im/ticket/6500
------------------------------------------------------------------------
--
Pınar Yanardağ
http://pinguar.org
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed