what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2009-3026

Status Candidate

Overview

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

Related Files

Ubuntu Security Notice 886-1
Posted Jan 18, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 886-1 - It was discovered that Pidgin did not properly handle certain topic messages in the IRC protocol handler, enforce the "require TLS/SSL" setting when connecting to certain older Jabber servers, did not properly handle certain SLP invite messages in the MSN protocol handler, did not properly handle certain errors in the XMPP protocol handler, did not properly handle malformed contact-list data in the OSCAR protocol handler and did not properly handle custom smiley requests in the MSN protocol handler.

tags | advisory, protocol
systems | linux, ubuntu
advisories | CVE-2008-2955, CVE-2009-1376, CVE-2009-2703, CVE-2009-3026, CVE-2009-3083, CVE-2009-3085, CVE-2009-3615, CVE-2010-0013
MD5 | 0b4090a2dd3eb5bfecd488bb6a25d408
Mandriva Linux Security Advisory 2009-321
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-321 - Security vulnerabilities have been identified and fixed in pidgin. This update provides pidgin 2.6.2, which is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-2955, CVE-2008-2957, CVE-2008-3532, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-2703, CVE-2009-3025, CVE-2009-3026, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085
MD5 | 2a2486ce5662682926318a5feee5ba52
Gentoo Linux Security Advisory 200910-2
Posted Oct 23, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 200910-2 - Multiple vulnerabilities have been discovered in Pidgin, leading to the remote execution of arbitrary code, unauthorized information disclosure, or Denial of Service. Versions less than 2.5.9-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2009-1376, CVE-2009-1889, CVE-2009-2694, CVE-2009-3026
MD5 | f95b0cceac8b6a1952e1d478ee365438
Mandriva Linux Security Advisory 2009-230
Posted Sep 11, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-230 - Security vulnerabilities has been identified and fixed in pidgin.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2694, CVE-2009-3025, CVE-2009-3026, CVE-2009-2703, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085
MD5 | d0c25cdbd2c8b90bad6c088ecb6806a8
Page 1 of 1
Back1Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    22 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close