exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2009-1373

Status Candidate

Overview

Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.

Related Files

Mandriva Linux Security Advisory 2009-321
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-321 - Security vulnerabilities have been identified and fixed in pidgin. This update provides pidgin 2.6.2, which is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-2955, CVE-2008-2957, CVE-2008-3532, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-2703, CVE-2009-3025, CVE-2009-3026, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085
SHA-256 | 7fa7a9e261705a1c8d79a87e1bd96c137a3fc7f7847a59247c6845386710d895
Mandriva Linux Security Advisory 2009-173
Posted Jul 29, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-173 - Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.

tags | advisory, remote, denial of service, overflow, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
SHA-256 | 2b59c2d42635d453fe9cfa37545cf630aad2deaed3ed8ca7ed76ad685147da46
Mandriva Linux Security Advisory 2009-147
Posted Jun 30, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-147 - Arbitrary code execution, denial of service, and overflows have been addressed in the latest Pidgin update.

tags | advisory, denial of service, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
SHA-256 | ec905f205027ef8376505e10bea5d0b6bda25d681844581a211815ee219627b4
Mandriva Linux Security Advisory 2009-140
Posted Jun 25, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-140 - Multiple security vulnerabilities have been identified and fixed in gaim. These include integer and buffer overflows.

tags | advisory, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1373, CVE-2009-1376
SHA-256 | bde1a0669082b16d847d1bff535b714ea5b0668ec0d900ac0047e00a3076c148
Ubuntu Security Notice 781-2
Posted Jun 4, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-781-2 - It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-1373, CVE-2009-1376
SHA-256 | 959ae8eddaf8e4c73e6210d8d6f03aa37f29790fab59d7fbeb81aa87e655ad3a
Ubuntu Security Notice 781-1
Posted Jun 4, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-781-1 - It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
SHA-256 | edcd25ea3a9efa771fd79ad6546263ae682ec7ea24fb292898ff40eeb7c0ca27
Gentoo Linux Security Advisory 200905-7
Posted May 26, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200905-07 - Multiple vulnerabilities in Pidgin might allow for the remote execution of arbitrary code or a Denial of Service. Versions less than 2.5.6 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-2927, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
SHA-256 | 256d008607e8ce04042b47a260060c410f5e6c429f1f4c3a80bb4141e839b483
Debian Linux Security Advisory 1805-1
Posted May 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1805-1 - Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2009-1373, CVE-2009-1375, CVE-2009-1376
SHA-256 | cbce861a8fc059dce0e2e207159753b832372c40084d4da5642331a83f7f5a29
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close