exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

CVE-2009-1373

Status Candidate

Overview

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

Related Files

Mandriva Linux Security Advisory 2009-321
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-321 - Security vulnerabilities have been identified and fixed in pidgin. This update provides pidgin 2.6.2, which is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-2955, CVE-2008-2957, CVE-2008-3532, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-2703, CVE-2009-3025, CVE-2009-3026, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085
MD5 | 2a2486ce5662682926318a5feee5ba52
Mandriva Linux Security Advisory 2009-173
Posted Jul 29, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-173 - Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.

tags | advisory, remote, denial of service, overflow, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
MD5 | 1f7428bede8c9956eee0f698cd1f3d80
Mandriva Linux Security Advisory 2009-147
Posted Jun 30, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-147 - Arbitrary code execution, denial of service, and overflows have been addressed in the latest Pidgin update.

tags | advisory, denial of service, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
MD5 | bd7ab3a20dc88ac85fd03f2c1128bea6
Mandriva Linux Security Advisory 2009-140
Posted Jun 25, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-140 - Multiple security vulnerabilities have been identified and fixed in gaim. These include integer and buffer overflows.

tags | advisory, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1373, CVE-2009-1376
MD5 | c5c23d7d3507364b21b0daece3caf8fc
Ubuntu Security Notice 781-2
Posted Jun 4, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-781-2 - It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-1373, CVE-2009-1376
MD5 | d74cb76df8b38e0209f284e5b01abe54
Ubuntu Security Notice 781-1
Posted Jun 4, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-781-1 - It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
MD5 | a6eb12f8b58c9b78c48f4166060058d3
Gentoo Linux Security Advisory 200905-7
Posted May 26, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200905-07 - Multiple vulnerabilities in Pidgin might allow for the remote execution of arbitrary code or a Denial of Service. Versions less than 2.5.6 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-2927, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
MD5 | 2f42a882a3d29efd6aa7b350fa5f5e5a
Debian Linux Security Advisory 1805-1
Posted May 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1805-1 - Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2009-1373, CVE-2009-1375, CVE-2009-1376
MD5 | 099ac930c7f745cca80f9f2ef9a38fb7
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    14 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close