Mandriva Linux Security Advisory 2009-127 - It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
c129ddafc8e6adbe84ce0db1d2f64f157d4c61e4660c21d8942f61dda334aa16Gentoo Linux Security Advisory GLSA 200905-07 - Multiple vulnerabilities in Pidgin might allow for the remote execution of arbitrary code or a Denial of Service. Versions less than 2.5.6 are affected.
256d008607e8ce04042b47a260060c410f5e6c429f1f4c3a80bb4141e839b483Gentoo Linux Security Advisory GLSA 200901-13 - Multiple vulnerabilities have been discovered in Pidgin, allowing for remote arbitrary code execution, denial of service and service spoofing. Versions less than 2.5.1 are affected.
5c8641ff9d8829a4bc791d6ebd5e292ed9e0f6181c8a3aa77d4706bac8585743Ubuntu Security Notice USN-675-2 - It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
7e9520c885b1e6091c3f2f1be79d8a8bb9debda71e26bf44b22d2c8e526f5f26Ubuntu Security Notice USN-675-1 - It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not impose resource limitations in the UPnP service. A remote attacker could cause Pidgin to download arbitrary files and cause a denial of service from memory or disk space exhaustion. It was discovered that Pidgin did not validate SSL certificates when using a secure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update alters Pidgin behaviour by asking users to confirm the validity of a certificate upon initial login.
e5e3001e6d6476f98054192d0fafe30602a1312ac464eec120826a1864a9cd0fA vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.
e15e4d5ffbe515920af88f4eecd3c1a6f1e9059e4b62cd784e5ab4422f7cbdf1Debian Security Advisory 1610-1 - It was discovered that gaim, an multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code.
9d3141af28bae1326f00185ef768c74fd57a4d5edab1be0c27617b9f59b0e9ccMandriva Linux Security Advisory - An integer overflow flaw was found in Pidgin's MSN protocol handler that could allow for the execution of arbitrary code if a user received a malicious MSN message. In addition, this update provides the ability to use ICQ networks again on Mandriva Linux 2008.0, as in MDVSA-2008:103 (updated pidgin for 2008.1). The updated packages have been patched to correct this issue.
7d84696431ca3cbdcdd7bc3811cc4ffa055ddcf1c20c7cb29c685bb32ae3d154
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed