Showing 1 - 4 of 4

CVE-2009-3026

Status Candidate

Overview

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

Related Files

Ubuntu Security Notice 886-1: Posted Jan 18, 2010; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 886-1 - It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler, enforce the "require TLS/SSL" setting when connecting to certain older Jabber servers, did not properly handle certain SLP invite messages in the MSN protocol handler, did not properly handle certain errors in the XMPP protocol handler, did not properly handle malformed contact-list data in the OSCAR protocol handler and did not properly handle custom smiley requests in the MSN protocol handler.; tags | advisory, protocol; systems | linux, ubuntu; advisories | CVE-2008-2955, CVE-2009-1376, CVE-2009-2703, CVE-2009-3026, CVE-2009-3083, CVE-2009-3085, CVE-2009-3615, CVE-2010-0013; SHA-256 | 1937188a7228cf7d3965e317d6df8276fcbc3f19dd39e90885336e6ce8c82d07; Download | Favorite | View

Mandriva Linux Security Advisory 2009-321: Posted Dec 7, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-321 - Security vulnerabilities have been identified and fixed in pidgin. This update provides pidgin 2.6.2, which is not vulnerable to these issues.; tags | advisory, vulnerability; systems | linux, mandriva; advisories | CVE-2008-2955, CVE-2008-2957, CVE-2008-3532, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-2703, CVE-2009-3025, CVE-2009-3026, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085; SHA-256 | 7fa7a9e261705a1c8d79a87e1bd96c137a3fc7f7847a59247c6845386710d895; Download | Favorite | View

Gentoo Linux Security Advisory 200910-2: Posted Oct 23, 2009; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 200910-2 - Multiple vulnerabilities have been discovered in Pidgin, leading to the remote execution of arbitrary code, unauthorized information disclosure, or Denial of Service. Versions less than 2.5.9-r1 are affected.; tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure; systems | linux, gentoo; advisories | CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-3026; SHA-256 | e779f111b1348b505f287d3b122922b47e53deed021d9b1d7f32a5e7bd682180; Download | Favorite | View

Mandriva Linux Security Advisory 2009-230: Posted Sep 11, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-230 - Security vulnerabilities has been identified and fixed in pidgin.; tags | advisory, vulnerability; systems | linux, mandriva; advisories | CVE-2009-2694, CVE-2009-3025, CVE-2009-3026, CVE-2009-2703, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085; SHA-256 | 21e4fec4f4426731e84e353e4f3e1e763c7511c9995ae7f25519ceb23e1e4370; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 240 files
indoushka 173 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,209)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,823)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,848)
UNIX (9,455)
UnixWare (188)
Windows (6,772)
Other

CVE-2009-3026

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems