what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2009-1376

Status Candidate

Overview

Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.

Related Files

Ubuntu Security Notice 886-1
Posted Jan 18, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 886-1 - It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler, enforce the "require TLS/SSL" setting when connecting to certain older Jabber servers, did not properly handle certain SLP invite messages in the MSN protocol handler, did not properly handle certain errors in the XMPP protocol handler, did not properly handle malformed contact-list data in the OSCAR protocol handler and did not properly handle custom smiley requests in the MSN protocol handler.

tags | advisory, protocol
systems | linux, ubuntu
advisories | CVE-2008-2955, CVE-2009-1376, CVE-2009-2703, CVE-2009-3026, CVE-2009-3083, CVE-2009-3085, CVE-2009-3615, CVE-2010-0013
SHA-256 | 1937188a7228cf7d3965e317d6df8276fcbc3f19dd39e90885336e6ce8c82d07
Mandriva Linux Security Advisory 2009-321
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-321 - Security vulnerabilities have been identified and fixed in pidgin. This update provides pidgin 2.6.2, which is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-2955, CVE-2008-2957, CVE-2008-3532, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-2703, CVE-2009-3025, CVE-2009-3026, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085
SHA-256 | 7fa7a9e261705a1c8d79a87e1bd96c137a3fc7f7847a59247c6845386710d895
Gentoo Linux Security Advisory 200910-2
Posted Oct 23, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 200910-2 - Multiple vulnerabilities have been discovered in Pidgin, leading to the remote execution of arbitrary code, unauthorized information disclosure, or Denial of Service. Versions less than 2.5.9-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-3026
SHA-256 | e779f111b1348b505f287d3b122922b47e53deed021d9b1d7f32a5e7bd682180
Mandriva Linux Security Advisory 2009-173
Posted Jul 29, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-173 - Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.

tags | advisory, remote, denial of service, overflow, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
SHA-256 | 2b59c2d42635d453fe9cfa37545cf630aad2deaed3ed8ca7ed76ad685147da46
Mandriva Linux Security Advisory 2009-147
Posted Jun 30, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-147 - Arbitrary code execution, denial of service, and overflows have been addressed in the latest Pidgin update.

tags | advisory, denial of service, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
SHA-256 | ec905f205027ef8376505e10bea5d0b6bda25d681844581a211815ee219627b4
Mandriva Linux Security Advisory 2009-140
Posted Jun 25, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-140 - Multiple security vulnerabilities have been identified and fixed in gaim. These include integer and buffer overflows.

tags | advisory, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1373, CVE-2009-1376
SHA-256 | bde1a0669082b16d847d1bff535b714ea5b0668ec0d900ac0047e00a3076c148
Zero Day Initiative Advisory 09-031
Posted Jun 9, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-031 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.

tags | advisory, remote, overflow, arbitrary, code execution, protocol
advisories | CVE-2009-1376
SHA-256 | 286f5573fcf8c6351e406eab363184ebc1f7e8a3742b6d01a9ca6c90a0e3992d
Ubuntu Security Notice 781-2
Posted Jun 4, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-781-2 - It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-1373, CVE-2009-1376
SHA-256 | 959ae8eddaf8e4c73e6210d8d6f03aa37f29790fab59d7fbeb81aa87e655ad3a
Ubuntu Security Notice 781-1
Posted Jun 4, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-781-1 - It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
SHA-256 | edcd25ea3a9efa771fd79ad6546263ae682ec7ea24fb292898ff40eeb7c0ca27
Gentoo Linux Security Advisory 200905-7
Posted May 26, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200905-07 - Multiple vulnerabilities in Pidgin might allow for the remote execution of arbitrary code or a Denial of Service. Versions less than 2.5.6 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-2927, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
SHA-256 | 256d008607e8ce04042b47a260060c410f5e6c429f1f4c3a80bb4141e839b483
Debian Linux Security Advisory 1805-1
Posted May 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1805-1 - Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2009-1373, CVE-2009-1375, CVE-2009-1376
SHA-256 | cbce861a8fc059dce0e2e207159753b832372c40084d4da5642331a83f7f5a29
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close