exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2008-2927

Status Candidate

Overview

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.

Related Files

Mandriva Linux Security Advisory 2009-127
Posted Jun 4, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-127 - It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2008-2927
SHA-256 | c129ddafc8e6adbe84ce0db1d2f64f157d4c61e4660c21d8942f61dda334aa16
Gentoo Linux Security Advisory 200905-7
Posted May 26, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200905-07 - Multiple vulnerabilities in Pidgin might allow for the remote execution of arbitrary code or a Denial of Service. Versions less than 2.5.6 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-2927, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
SHA-256 | 256d008607e8ce04042b47a260060c410f5e6c429f1f4c3a80bb4141e839b483
Gentoo Linux Security Advisory 200901-13
Posted Jan 21, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200901-13 - Multiple vulnerabilities have been discovered in Pidgin, allowing for remote arbitrary code execution, denial of service and service spoofing. Versions less than 2.5.1 are affected.

tags | advisory, remote, denial of service, arbitrary, spoof, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2008-2927, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532
SHA-256 | 5c8641ff9d8829a4bc791d6ebd5e292ed9e0f6181c8a3aa77d4706bac8585743
Ubuntu Security Notice 675-2
Posted Nov 24, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-675-2 - It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2008-2927
SHA-256 | 7e9520c885b1e6091c3f2f1be79d8a8bb9debda71e26bf44b22d2c8e526f5f26
Ubuntu Security Notice 675-1
Posted Nov 24, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-675-1 - It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not impose resource limitations in the UPnP service. A remote attacker could cause Pidgin to download arbitrary files and cause a denial of service from memory or disk space exhaustion. It was discovered that Pidgin did not validate SSL certificates when using a secure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update alters Pidgin behaviour by asking users to confirm the validity of a certificate upon initial login.

tags | advisory, remote, denial of service, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2008-2927, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532
SHA-256 | e5e3001e6d6476f98054192d0fafe30602a1312ac464eec120826a1864a9cd0f
Zero Day Initiative Advisory 08-054
Posted Aug 29, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, code execution, protocol
advisories | CVE-2008-2927
SHA-256 | e15e4d5ffbe515920af88f4eecd3c1a6f1e9059e4b62cd784e5ab4422f7cbdf1
Debian Linux Security Advisory 1610-1
Posted Jul 15, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1610-1 - It was discovered that gaim, an multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary, protocol
systems | linux, debian
advisories | CVE-2008-2927
SHA-256 | 9d3141af28bae1326f00185ef768c74fd57a4d5edab1be0c27617b9f59b0e9cc
Mandriva Linux Security Advisory 2008-143
Posted Jul 11, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An integer overflow flaw was found in Pidgin's MSN protocol handler that could allow for the execution of arbitrary code if a user received a malicious MSN message. In addition, this update provides the ability to use ICQ networks again on Mandriva Linux 2008.0, as in MDVSA-2008:103 (updated pidgin for 2008.1). The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2008-2927
SHA-256 | 7d84696431ca3cbdcdd7bc3811cc4ffa055ddcf1c20c7cb29c685bb32ae3d154
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close